
Amazon S3 CORS Configuration XMLHttpRequest GET

I'm hosting a static website via Amazon S3 and I have some JavaScript on there that will make a call to another domain and parse the XML, JSON, or whatever that it gets.

I followed the many posts on Stack Overflow and various blog posts it linked to that claimed to get it working, but even after following very closely I could never replicate the results.

 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedMethod>GET</AllowedMethod>
 </CORSRule>

I even tried adding with and without the following to the rule,

 <AllowedHeader>*</AllowedHeader>

The following link allows you to test if CORS is enabled by sending XMLHttpRequests and it says it is not valid so CORS is not set up or recognized properly.

http://client.cors-api.appspot.com/client/

A possible lead is what is suggested in Amazon S3 documentation here,

http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETcors.html

that says we need to set the "s3:GetCORSConfiguration" permission, which I did via a line like...

"Action": ["s3:GetObject", "s3:GetCORSConfiguration"],

in the "edit bucket policy" section from the AWS control panel but it gives an error and cannot save because it doesn't recognize this action?

A potentially similar post on stackexchange here,

HTTP GET to amazon aws from jquery or XMLHttpRequest fails with Origin is not allowed by Access-Control-Allow-Origin

seems to suggest that if I have a website hosted on S3 that it can not configure it to make XMLHttpRequests that are GET to a 3rd party resource?

I feel like I'm going in circles...anyone out there have any leads/advice? Thanks.

You have to expose the access control headers. Try this:

<CORSRule>
  <AllowedOrigin>*</AllowedOrigin>
  <AllowedMethod>GET</AllowedMethod>
  <ExposeHeader>Access-Control-Allow-Origin</ExposeHeader>
  <ExposeHeader>Access-Control-Allow-Methods</ExposeHeader>
</CORSRule>

There might be some relation here to the example we just worked through on our apps, which was related to the https, which was a hardcoded configuration on some of our clients' machines. I don't know exactly what that means but it might be a place to check.

instead of http:// try https://

XMLHttpRequest to Amazon S3 fails only on some computers

I think you are confused or I misread your question.

You enable CORS on your site so other sites can make requests to your page.

Enabling CORS on your S3 site will allow example.com to talk to your S3 page. It does not allow your site to talk to example.com.

In order for you to make requests to other domains, they have to enable the privileges. You cannot magically turn it on for their domains. It is like saying that you give permission to yourself to walk into the White House and use the president's bathroom. When you hop the fence, the Secret Service will deny that request with force.
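
The direction of the check described in the last answer, modelled as an added example (not part of the original question or answers): a simplified version of the browser's CORS read decision for a simple GET, which looks only at headers sent by the server that answers the request. The origins and header values are constructed, and `corsAllowsRead` and `demo` are hypothetical names.

```javascript
// Added example: models the browser's CORS read check for a simple GET.
// All origins and header values below are constructed for illustration.

// Decide whether script running on `pageOrigin` may read a cross-origin
// response, given only the headers that the *responding* server sent.
function corsAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  // Header names are case-insensitive; normalise before lookup.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "responder sent no Access-Control-Allow-Origin" };
  }
  if (allowOrigin === "*") {
    // The wildcard is not honoured for credentialed requests.
    return withCredentials
      ? { allowed: false, reason: "wildcard not valid with credentials" }
      : { allowed: true, reason: "wildcard origin" };
  }
  if (allowOrigin !== pageOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "credentials not allowed by responder" };
  }
  return { allowed: true, reason: "origin matched" };
}

// Constructed scenario: a page on an S3 website endpoint calling a third party.
const page = "http://my-bucket.s3-website.example";
// The bucket's own CORS rule affects only responses served *by the bucket*.
const bucketResponse = { "Access-Control-Allow-Origin": "*" };
// The third party sends no CORS headers, so the browser blocks the read.
const thirdPartyResponse = { "Content-Type": "application/json" };

function demo() {
  return {
    otherSiteReadsBucket: corsAllowsRead("http://example.com", bucketResponse).allowed,
    pageReadsThirdParty: corsAllowsRead(page, thirdPartyResponse).allowed,
  };
}
console.log(demo());
```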
