为什么CloudFront的变化的基础上接受编码CORS标头回应? [英] Why is CloudFront varying CORS headers response based on Accept-Encoding?
问题描述
我试图让CORS与亚马逊S3 + CloudFront的正常工作。
I'm trying to get CORS to work properly with Amazon S3 + CloudFront.
设置我的CORS的配置之后,它似乎正常工作:
After setting my CORS Configuration, it seems to work properly:
$ curl -H "Origin: https://app.close.io" -I "https://d4389n07pf8cq.cloudfront.net/built/app.9e1f9ee9.js" -s | grep Access
Access-Control-Allow-Origin: https://app.close.io
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
但是,当资源被要求与接受编码:gzip的
则CORS标头不正确地返回
But when the resource is requested with Accept-Encoding: gzip
then the CORS headers aren't returned properly.
$ curl -H "Origin: https://app.close.io" -H "Accept-Encoding: gzip" -I "https://d4389n07pf8cq.cloudfront.net/built/app.9e1f9ee9.js" -s | grep Access
(nothing)
这是为什么?
Why is that?
我的CORS的配置是这样的:
My CORS configuration looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>https://app.close.io</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
<AllowedHeader>Content-*</AllowedHeader>
<AllowedHeader>Host</AllowedHeader>
<AllowedHeader>Accept-Encoding</AllowedHeader>
</CORSRule>
</CORSConfiguration>
(我也尝试了CORS的配置与重音编码
头去掉。)
在S3对象本身gzip压缩,并有元数据内容编码:gzip压缩
,缓存控制:公共,最大年龄= 31536000
和内容类型:应用程序/ JavaScript的
。
The S3 object itself is gzipped, and has "Metadata" of Content-Encoding: gzip
, Cache-Control: public, max-age=31536000
, and Content-Type: application/javascript
.
我不明白为什么CloudFront的+ S3 CORS不要求gzip压缩的时候正常工作。
I don't understand why CloudFront+S3 CORS isn't working properly when requesting gzip.
推荐答案
在2014年6月26日AWS发布<一个href="http://aws.amazon.com/about-aws/whats-new/2014/06/26/amazon-cloudfront-device-detection-geo-targeting-host-header-cors/"相对=nofollow>适当的有所不同:在CloudFront的原产地的行为的,所以我说在这个问题上一些说明反映我们是如何走到这树立正确的。
On June 26, 2014 AWS released proper Vary: Origin behavior on CloudFront so I added some instructions on this question reflecting how we got it set up right.
这篇关于为什么CloudFront的变化的基础上接受编码CORS标头回应?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!