AWS CloudFront Access-Control-Allow-Origin and Signed Cookie/Urls
Question
I'm stuck with a CORS at S3+Cloudfront+Signed Urls.
My use cases are:
First case (successful):
- I have an Amazon S3 bucket with Cloudfront. Files are accessible via the DOMAIN1/file link.
- I write a simple test JS script to get file from DOMAIN1 and put it at the DOMAIN2/test.html
Second case (successful too):
- I restrict Cloud Front distribution by using Signed Url.
- At first I tried is to access a file at DOMAIN1 without Signature. Got an Access denied. It's ok, since request is not signed.
- I've created a signed URL and able to download the file successfully.
Third case (failed):
- I put signed url (from 2nd case) to the DOMAIN2/test.html test script
- And always got a No 'Access-Control-Allow-Origin' header error.
So Cloudfront is not sending a header in case of restricted distribution.
CORS xml is:
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>10</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
It must be some issue in the CloudFront/S3/IAM settings. How can I fix it?
Recommended answer
I went to Cloudfront Distributions -> MYPRIVATECLOUDFRONTID -> Behaviors and added the following:
Path Pattern = path/to/my/file.ext
Forward Headers = Whitelist
and added to the whitelist headers: Origin
Don't forget to uncheck the option Restrict Viewer Access (Use Signed URLs or Signed Cookies) - for me, it was marked to not restrict even though I have marked the whole cache to be restricted.
My next step is to automatically set this whitelist on demand.
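Setting this whitelist automatically, as the answer's last step describes, could look like the following added example (not the answerer's code). It assumes a distribution that uses the legacy ForwardedValues settings behind "Forward Headers = Whitelist"; `forward_origin`, `audit` and `SAMPLE` are hypothetical names, and the sample config is constructed.

```python
import copy

def forward_origin(dist_config, path_pattern):
    """Return a copy of dist_config whose behavior for path_pattern whitelists
    the Origin header; the viewer restriction is carried over unchanged."""
    cfg = copy.deepcopy(dist_config)
    behaviors = cfg.setdefault("CacheBehaviors", {"Quantity": 0})
    items = behaviors.setdefault("Items", [])  # key is absent when Quantity is 0
    match = next((b for b in items if b["PathPattern"] == path_pattern), None)
    if match is None:
        # Clone the default behavior so origin, TTLs and TrustedSigners carry over.
        match = copy.deepcopy(cfg["DefaultCacheBehavior"])
        match["PathPattern"] = path_pattern
        items.append(match)
        behaviors["Quantity"] = len(items)
    headers = match["ForwardedValues"].setdefault("Headers", {"Quantity": 0})
    names = headers.setdefault("Items", [])
    if "*" not in names and not any(h.lower() == "origin" for h in names):
        names.append("Origin")
    headers["Quantity"] = len(names)
    return cfg

def audit(dist_config):
    """Map each path pattern to (forwards_origin, viewer_access_restricted)."""
    behaviors = [dict(dist_config["DefaultCacheBehavior"], PathPattern="(default)")]
    behaviors += dist_config.get("CacheBehaviors", {}).get("Items", [])
    report = {}
    for b in behaviors:
        names = b.get("ForwardedValues", {}).get("Headers", {}).get("Items", [])
        forwards = any(h == "*" or h.lower() == "origin" for h in names)
        restricted = any(b.get(key, {}).get("Enabled", False)
                         for key in ("TrustedSigners", "TrustedKeyGroups"))
        report[b["PathPattern"]] = (forwards, restricted)
    return report

# Constructed sample, trimmed to the fields used above.
SAMPLE = {
    "DefaultCacheBehavior": {
        "TargetOriginId": "s3-origin",
        "ForwardedValues": {"QueryString": False, "Cookies": {"Forward": "none"},
                            "Headers": {"Quantity": 0}},
        "TrustedSigners": {"Enabled": True, "Quantity": 1, "Items": ["self"]},
    },
    "CacheBehaviors": {"Quantity": 0},
}

if __name__ == "__main__":
    updated = forward_origin(SAMPLE, "path/to/my/file.ext")
    for pattern, (fwd, restricted) in audit(updated).items():
        print(f"{pattern}: forwards Origin={fwd}, restricted={restricted}")
```

With boto3, the input is `get_distribution_config(Id=...)["DistributionConfig"]` and the result goes to `update_distribution` with the returned `ETag` as `IfMatch`. A row that reads `(True, False)` is a path served with CORS headers but without a signature check.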