Why is CloudFront varying CORS headers response based on Accept-Encoding?


Question

I'm trying to get CORS to work properly with Amazon S3 + CloudFront.

After setting my CORS Configuration, it seems to work properly:

$ curl -H "Origin: https://app.close.io" -I "https://d4389n07pf8cq.cloudfront.net/built/app.9e1f9ee9.js" -s | grep Access  
Access-Control-Allow-Origin: https://app.close.io
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true

But when the resource is requested with Accept-Encoding: gzip then the CORS headers aren't returned properly.

$ curl -H "Origin: https://app.close.io" -H "Accept-Encoding: gzip" -I "https://d4389n07pf8cq.cloudfront.net/built/app.9e1f9ee9.js" -s | grep Access 
(nothing)

Why is that?

My CORS configuration looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>https://app.close.io</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
        <AllowedHeader>Content-*</AllowedHeader>
        <AllowedHeader>Host</AllowedHeader>
        <AllowedHeader>Accept-Encoding</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

(I also tried the CORS configuration with the Accept-Encoding header removed.)

The S3 object itself is gzipped, and has "Metadata" of Content-Encoding: gzip, Cache-Control: public, max-age=31536000, and Content-Type: application/javascript.

I don't understand why CloudFront+S3 CORS isn't working properly when requesting gzip.

Recommended answer

On June 26, 2014 AWS released proper Vary: Origin behavior on CloudFront (http://aws.amazon.com/about-aws/whats-new/2014/06/26/amazon-cloudfront-device-detection-geo-targeting-host-header-cors/) so I added some instructions on this question reflecting how we got it set up right.
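
An added example, not part of the original question or answer: a toy model of why the Vary: Origin behavior matters for the symptom in the question. It assumes an edge cache that forwards request headers on a miss but keys stored responses only on the path plus selected headers; the `EdgeCache`, `origin_server` and `replay` names and the earlier Origin-less gzip request are constructed for illustration and are not AWS code.

```python
ALLOWED_ORIGIN = "https://app.close.io"  # AllowedOrigin from the question's CORS config
CORS = "Access-Control-Allow-Origin"

def origin_server(headers):
    """S3-like origin: adds CORS headers only if the request has an allowed Origin."""
    resp = {"Content-Type": "application/javascript"}
    if headers.get("Origin") == ALLOWED_ORIGIN:
        resp[CORS] = ALLOWED_ORIGIN
    return resp

class EdgeCache:
    """Toy CDN cache (assumption): forwards every request header on a miss, but
    stores the response under a key built from the path plus `key_headers` only."""
    def __init__(self, key_headers):
        self.key_headers = key_headers
        self.store = {}

    def get(self, path, headers):
        key = (path,) + tuple(headers.get(h) for h in self.key_headers)
        if key not in self.store:
            self.store[key] = origin_server(headers)  # cache miss: ask the origin
        return self.store[key]

def replay(key_headers):
    """Replay a constructed request sequence and report whether each of the two
    curl-style requests from the question sees the CORS header."""
    cache = EdgeCache(key_headers)
    path = "/built/app.9e1f9ee9.js"
    # Constructed: an earlier gzip request without Origin (e.g. a plain <script> load)
    # populates the gzip variant before any cross-origin request arrives.
    cache.get(path, {"Accept-Encoding": "gzip"})
    plain = cache.get(path, {"Origin": ALLOWED_ORIGIN})
    gzipped = cache.get(path, {"Origin": ALLOWED_ORIGIN, "Accept-Encoding": "gzip"})
    return CORS in plain, CORS in gzipped

if __name__ == "__main__":
    # Keyed on Accept-Encoding only: the gzip variant was cached without CORS headers.
    print("key = Accept-Encoding only:    ", replay(("Accept-Encoding",)))
    # Keyed on Origin as well: each Origin gets its own cached variant.
    print("key = Accept-Encoding + Origin:", replay(("Accept-Encoding", "Origin")))
```

When checking a live distribution, compare the responses for both request shapes after an invalidation, since a variant cached before the change keeps its old headers until it expires.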
