Cloudfront CORS仅适用于子域 [英] Cloudfront CORS only works for subdomain

问题描述

使用Cloudfront + S3时，CORS的行为非常奇怪

I'm with a very strange behavior with CORS using Cloudfront + S3

我跑步时

curl -I -s -X GET -H "Origin: https://myapp.com" https://s3.amazonaws.com/myapp/assets/fontawesome-webfont.woff | grep Access

和

curl -I -s -X GET -H "Origin: https://**www.**myapp.com" https://s3.amazonaws.com/myapp/assets/fontawesome-webfont.woff | grep Access

两者均按预期返回值:

Access-Control-Allow-Origin: https://musicjungle.com.br

访问控制允许方法:GET访问控制公开标头:ETag

Access-Control-Allow-Methods: GET Access-Control-Expose-Headers: ETag

Access-Control-Max-Age:3000 Access-Control-Allow-Credentials:true

Access-Control-Max-Age: 3000 Access-Control-Allow-Credentials: true

变化:来源，访问控制请求标头，

Vary: Origin, Access-Control-Request-Headers,

访问控制请求方法

但是当我尝试使用Cloudfront URL运行相同的curl时，仅www子域有效

But when I try to run the same curl using the Cloudfront URL, just the www subdomain works

curl -I -s -X GET -H "Origin: https://www.myapp.com" https://d1bfllp5zjnl7u.cloudfront.net/assets/fontawesome-webfont.woff | grep Access

访问控制允许来源: https://www.musicjungle.com.br

访问控制允许方法:GET，PUT，POST，DELETE，HEAD

Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD

Access-Control-Max-Age:3000 Access-Control-Allow-Credentials:true

Access-Control-Max-Age: 3000 Access-Control-Allow-Credentials: true

以下命令未按预期返回标头

The below command doesn't return the headers as expected

curl -I -s -X GET -H "Origin: https://myapp.com" https://d1bfllp5zjnl7u.cloudfront.net/assets/fontawesome-webfont.woff | grep Access

任何想法为什么会发生这种情况?我已经在S3 CORS配置上允许两台服务器使用Origin(如我们在上面看到的)，但是在Cloudfront配置上似乎有些问题，只允许使用"www.myapp.com".

Any ideia why this could be happening? I already allowed Origin for both servers on S3 CORS configuration (as we can see above), but it seems to be something on Cloudfront configuration, that only allows "www.myapp.com".

推荐答案

如果我理解正确，我会说这是CloudFront的请求标头"缓存设置的问题...

If I understand you right, I'd say it's a matter of CloudFront's Request Headers cache settings...

默认情况下， CloudFront 在将对象缓存在边缘位置时不考虑标头.如果您的来源返回了两个对象，并且它们之间的区别仅在于请求标头中的值不同，则CloudFront仅缓存该对象的一种版本.

By default, CloudFront doesn't consider headers when caching your objects in edge locations. If your origin returns two objects and they differ only by the values in the request headers, CloudFront caches only one version of the object.

– 来源.

因此，转到您的分布并编辑您的行为以允许CloudFront基于Origin标头的值来缓存对象:

So, go to your Distribution and edit your Behavior to allow CloudFront to cache objects based on the values of the Origin headers:

建立新设置后，为受影响的文件创建一个 Invalidation .

After new settings are established, create an Invalidation for the affected files.

这篇关于Cloudfront CORS仅适用于子域的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！