ReactJS - remove HTTP header before redirect


Problem description

In my React app, I'm making a GET REST web service call to an endpoint whose purpose is to generate a presigned AWS URL to a protected S3 asset. We pass an Authorization header and a token to the service.

This initial call works as expected and the service responds with a redirect (via a 307 response code) and includes the presigned URL in the response's Location header.

The issue I'm facing is that when the redirect is followed, Amazon rejects the call with a 400 response code and the following message.

Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified.

Is there a way to remove the Authorization header before the redirect is followed?

This seems like it should be a fairly common situation (when a React application requires access to a protected S3 asset) - is there a better way to handle this use case?

Recommended answer

After several conversations with Amazon support, the way to achieve the above is to front S3 with a CloudFront distribution. CloudFront does not have the same restrictions as S3 with Only one auth mechanism allowed.

Here's what I did:

  • Create a CloudFront distribution with an S3 origin.
    • Optional selection - restrict bucket access.
    • You'll need a CloudFront Access Identity (use an existing or create a new one).
    • Recommended selection - update bucket policy
    • Ensure the bucket policy has been updated (populated automatically when "update bucket policy" is selected above)
    • Update the CORS configuration with the methods/headers you need to support

The other thing you'll need is a CloudFront key pair as described here and then use that information when generating the presigned link.

More information

  • CloudFront with S3 Origin
  • CloudFront Signed URLs

Amazon definitely makes this much more complicated than it needs to be (i.e. why is there the Only one auth mechanism allowed restriction on S3 at all?) but at least there's a workaround for those that need it.
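
The answer's last step, generating the link from the CloudFront key pair, shown as an added example (not part of the original answer and not AWS's own code). It builds a canned-policy CloudFront signed URL in Node.js and checks it locally; the function names are hypothetical, and the PEM keys are assumed to be the private and public halves of the CloudFront key pair.

```javascript
const nodeCrypto = require("node:crypto");

// CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
const toCfBase64 = (buf) =>
  buf.toString("base64").replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~");
const fromCfBase64 = (s) =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "=").replace(/~/g, "/"), "base64");

// Canned policy: one resource and one expiry, serialized without whitespace.
function cannedPolicy(resourceUrl, expiresEpoch) {
  return JSON.stringify({
    Statement: [
      { Resource: resourceUrl, Condition: { DateLessThan: { "AWS:EpochTime": expiresEpoch } } },
    ],
  });
}

// Server side: sign with the private key of the CloudFront key pair.
function signCloudFrontUrl(resourceUrl, keyPairId, privateKeyPem, ttlSeconds, nowMs = Date.now()) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0) {
    throw new RangeError("ttlSeconds must be a positive integer");
  }
  const expires = Math.floor(nowMs / 1000) + ttlSeconds;
  const signature = nodeCrypto
    .createSign("RSA-SHA1") // the digest CloudFront signed URLs use
    .update(cannedPolicy(resourceUrl, expires))
    .sign(privateKeyPem);
  const sep = resourceUrl.includes("?") ? "&" : "?";
  return `${resourceUrl}${sep}Expires=${expires}&Signature=${toCfBase64(signature)}` +
    `&Key-Pair-Id=${encodeURIComponent(keyPairId)}`;
}

// Local check mirroring what the edge validates: signature, resource, expiry.
function verifyCloudFrontUrl(signedUrl, publicKeyPem, nowMs = Date.now()) {
  const m = /^(.*)[?&]Expires=(\d+)&Signature=([^&]+)&Key-Pair-Id=[^&]+$/.exec(signedUrl);
  if (!m) return false;
  const [, resourceUrl, expires, signature] = m;
  if (Number(expires) * 1000 <= nowMs) return false; // link has expired
  return nodeCrypto
    .createVerify("RSA-SHA1")
    .update(cannedPolicy(resourceUrl, Number(expires)))
    .verify(publicKeyPem, fromCfBase64(signature));
}
```

Keep `ttlSeconds` short: anyone who holds the signed URL can fetch the object until it expires.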
