最新的 Chomium 和 Google Canary 上 Amazon S3 的 CORS 问题 [英] CORS problems with Amazon S3 on the latest Chomium and Google Canary
问题描述
我们的网站在使用最新版本的 Chromium(版本 33.0.1722.0 - 237596)和 Chrome Canary 的 Amazon S3 存储桶上加载 CSS 和 JS 资源时出现问题.它适用于任何其他浏览器,包括当前的 Chrome (31.0.1650.57).
Our website is having problems loading CSS and JS resources on a Amazon S3 bucket with the very latest version of Chromium (Version 33.0.1722.0 - 237596) and Chrome Canary. It works well with any of the other browsers including the current Chrome (31.0.1650.57).
错误是:
来自 'https://mybucket.s3.amazonaws.com' 的脚本有已被跨源资源共享策略阻止加载:请求的资源上不存在访问控制允许源"标头.因此,不允许访问源https://app.example.com".
Script from origin 'https://mybucket.s3.amazonaws.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://app.example.com' is therefore not allowed access.
我们在资源桶上的 S3 CORS 配置是:
Our S3 CORS configuration on the resource bucket is:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>300000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是 Chromium 的错误吗?最新的 CORS 规范有什么变化吗?
Is it a bug with Chromium? Did something change on the latest CORS spec?
推荐答案
在 url 中添加任何查询参数,例如 ?cacheblock=true,如下所示:
Add any query parameter such as ?cacheblock=true to the url, like so:
代替:https://somebucket.s3.amazonaws.com/someresource.pdf
做:https://somebucket.s3.amazonaws.com/someresource.pdf?cacheblock=true
我没有完全理解技术解释.但它类似于以下内容:
The technical explanation I don't have entirely down. But it is something like the following:
包含查询参数将防止 Chrome 中的行为不端"缓存行为,导致 Chrome 为预检请求和实际请求发送新请求,允许在两个请求中都存在正确的标头,从而允许 S3正确回应.大约.
Including a query parameter will prevent the 'misbehaving' caching behavior in Chrome, causing Chrome to send out a fresh request for both the preflight request and the actual request, allowing the proper headers to be present on both requests, allowing S3 to respond properly. Approximately.
这篇关于最新的 Chomium 和 Google Canary 上 Amazon S3 的 CORS 问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
