HTTP GET to amazon aws from jquery or XMLHttpRequest fails with Origin is not allowed by Access-Control-Allow-Origin
Question
Having some bad luck with getting amazon AWS security token from jQuery or XMLHttpRequest. When I send a HTTP GET from jQuery or XmlHttpRequest, I get "Origin http:// MY_IP is not allowed by Access-Control-Allow-Origin.", but if I paste the same URL in my browser, it all goes fine.
My code:
var url_ = "https://sts.amazonaws.com/?Action=GetSessionToken" +
"&DurationSeconds=3600" +
"&AWSAccessKeyId=" + AccessKeyId +
"&Version=2011-06-15" +
"&Timestamp=" + encode(timestamp) +
"&Signature=" + encode(hash) +
"&SignatureVersion=2&SignatureMethod=HmacSHA256";
$.get(url_, function(data) {
alert("response: "+data);
});
My Headers:
Response Headers
Accept-Ranges bytes
Age 198
Connection Keep-Alive
Content-Length 3739
Content-Type text/html
Date Mon, 25 Jun 2012 17:48:20 GMT
Etag "48c4862-e9b-4c34f76b13400"
Last-Modified Mon, 25 Jun 2012 17:39:28 GMT
Proxy-Connection Keep-Alive
Server Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8r DAV/2 PHP/5.3.10 with Suhosin-Patch
Request Headers
Accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
DNT 1
Host MY_IP
If-Modified-Since Mon, 25 Jun 2012 17:13:16 GMT
If-None-Match "48c127c-ea2-4c34f18fe6300"
Proxy-Connection keep-alive
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0
Browser headers (if used URL in browser)
Response Headers
Content-Length 808
Content-Type text/xml
Date Mon, 25 Jun 2012 17:31:54 GMT
x-amzn-RequestId a854ff13-beeb-11e1-b3ac-0147da731d96
Request Headers
Accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection keep-alive
DNT 1
Host sts.amazonaws.com
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0
I tried some code from http://www.html5rocks.com/en/tutorials/cors/ , but no luck
Any help is appreciated
1 answers
solution1
1 2012-08-26 00:03:27
You asked that question a while ago, you might already have found your answer, but in case someone else is looking for the answer to this question, here it is:
Access-Control-Allow-Origin is a security feature of XMLHttpRequest when doing a request that is outside of the domain of the web page running the javascript.
For example, a web page http://foo.com/index.html is doing a XMLHttpRequest request for http://bar.com/query?a=b , the server at bar.com must put Access-Control-Allow-Origin in the response headers to specify that cross domain requests are permitted.
Amazon AWS, unfortunately, does not provide Access-Control-Allow-Origin in the response headers, so that means that you can't access it using this technique.
The only technique that works with AWS is using flash to proxy the XMLHttpRequest, but this only works on devices that have flash installed (no iphone or ipads).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.