Cloudfront签署了Cookie问题,得到403 [英] Cloudfront signed cookies issue, getting 403
问题描述
我们已使用CloudFront存储图像URL,并使用签名的cookie仅通过我们的应用程序提供访问。没有签名的cookie,我们可以访问内容,但是启用签名的cookie之后,我们将获得HTTP 403。
We have used CloudFront to store image URLs and using signed cookies to provide access only through our application. Without signed cookies we are able to access contents but after enabling signed cookies we are getting HTTP 403.
下面是我们要发送的配置/ cookie:
Below is configuration/cookies we are sending:
与请求一起使用的Cookie:
Cookies going with the request:
-
CloudFront过期:1522454400 -
CloudFront-Key-Pair-Id:xyz ... -
CloudFront-Policy:abcde ... -
CloudFront-Signature:abce ...
CloudFront-Expires: 1522454400CloudFront-Key-Pair-Id: xyz...CloudFront-Policy: abcde...CloudFront-Signature: abce...
这是我们的CloudFront政策:
Here is our CloudFront policy:
{
"Statement": [
{
"Resource":"https://*.abc.com/*",
"Condition":{
"DateLessThan":{"AWS:EpochTime":1522454400}
}
}
]
}
cookie域是 .abc.com ,并且资源路径为 https://*.abc.com/* 。
The cookie domain is .abc.com, and the resource path is https://*.abc.com/*.
我们正在使用 CannedPol 来创建 CloudFront cookie。
We are using CannedPolicy to create CloudFront cookies.
为什么这不能按预期工作?
Why isn't this working as expected?
推荐答案
我有解决方案。我们的要求是通配符访问。 CloudFrontCookieSigner.getCookiesForCustomPolicy(this.resourcePath,pk,this.keyPairId,expiresOn,null, 0.0.0.0/0);
I have got solution.Our requirement was wildcard access. CloudFrontCookieSigner.getCookiesForCustomPolicy(this.resourcePath,pk,this.keyPairId,expiresOn,null,"0.0.0.0/0");
where resource path = https+ "distribution name" + /*
activeFrom = it is optional so pass it as null
pk = private key ( few api also take file but it didn't work, so get the private key from file and use above function)
我们要访问分发下的所有内容,固定策略不允许使用通配符。因此,我们将其更改为自定义政策,它开始起作用。
we want to access all contents under distribution, canned policy doesn't allow wildcard. So, we changed it to custom policy and it worked.
这篇关于Cloudfront签署了Cookie问题,得到403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
