S3 CORS，总是发送变化：原产地 [英] S3 CORS, always send Vary: Origin

问题描述

我在启用CORS的Cloudfront后面使用了一个S3存储桶。如果客户端使用Origin头发出请求，则S3（和cloudfront）使用Vary：Origin头来响应，但是如果请求没有Origin，则响应不包含任何Vary头。 p>

这是有问题的，因为我在img标签中使用了来自cloudfront / s3的资源，在这种情况下，浏览器发出没有Origin头的请求，然后再发出一个ajax请求。浏览器然后使用缓存版本的映像，没有Access-Control-Allow-Origin头，因此拒绝了请求。

有任何方法可以获得S3总是返回Vary：Origin头？

解决方案

另一个解决方案是配置您的CloudFront分配，请求转换为CORS请求。这是可能的，通过添加一个CORS头到每个请求CloudFront使用最近添加的CloudFront功能控制边缘到源头请求头发送到S3。

查看功能公告： https://aws.amazon.com/blogs/aws/cloudfront-update-https-tls-v1-1v1-2-to-the-origin-addmodify-headers/

这里的文档： http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html 。

I am using an S3 bucket behind Cloudfront with CORS enabled. If the client makes a request with the Origin header, then S3 (and cloudfront) respond with a "Vary: Origin" header, however if the request is made without the Origin, header then the response does not contain any Vary Header.

This is problematic because I use a resource from cloudfront/s3 in an img tag, in which case the browser makes the request without the Origin header, and then later make an ajax request for said image. The browser then uses the cached version of the image, without the Access-Control-Allow-Origin header, and therefore denies the request.

Is there any way to get S3 to always return the "Vary: Origin" header?

解决方案

Another solution would be configuring your CloudFront distribution to automatically turn Non-CORS requests into CORS requests. This is possible by adding a CORS header to each request CloudFront sends to S3 using the recently added CloudFront feature "Control Edge-To-Origin Request Headers".

See the feature announcement here: https://aws.amazon.com/blogs/aws/cloudfront-update-https-tls-v1-1v1-2-to-the-origin-addmodify-headers/

And the documentation here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html.

这篇关于S3 CORS，总是发送变化：原产地的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！