AWS CloudFront Access-Control-Allow-Origin and Signed Cookie/Urls


Problem description

I'm stuck with CORS at S3+Cloudfront+Signed Urls.

My use case is:

First story (successful):

  1. I have an Amazon S3 bucket with Cloudfront. The file is available via the DOMAIN1/file link.
  2. I wrote a simple test JS script to get the file from DOMAIN1 and put it at DOMAIN2/test.html

Second case (successful too):

  1. I restrict the Cloud Front distribution by using Signed Urls.
  2. At first I tried to access a file at DOMAIN1 without a signature. Got an Access denied. It's ok, since the request is not signed.
  3. I've created a signed URL and am able to download the file successfully.

Third case (failed):

  1. I put the signed url (from the 2nd case) into the DOMAIN2/test.html test script
  2. And always got a No 'Access-Control-Allow-Origin' header error.

So Cloudfront is not sending a header in case of restricted distribution.

CORS xml is:

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>10</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

It must be some issue in the CloudFront/S3/IAM settings. How can I fix it?

Recommended answer

I went to Cloudfront Distributions -> MYPRIVATECLOUDFRONTID -> Behaviors and added the following:

Path Pattern = path/to/my/file.ext

Forward Headers = Whitelist

and added to the Whitelist Headers: Origin

Don't forget to uncheck the option Restrict Viewer Access (Use Signed URLs or Signed Cookies) - for me, it was marked to not restrict even though I have marked the whole cache to be restricted.

My next step is to automatically set this whitelist on demand.
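
As an added example (not part of the original question or answer): a small Python audit that reports, for each cache behavior, whether the Origin header is forwarded and whether signed URLs or signed cookies are still required on that path. SAMPLE_CONFIG is constructed to mirror the settings described above, and the function names are assumptions for illustration.

```python
# Added example. SAMPLE_CONFIG is constructed; its keys follow the DistributionConfig
# structure of CloudFront's GetDistributionConfig API (legacy ForwardedValues settings).
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {
        "ForwardedValues": {"Headers": {"Quantity": 0}},
        "TrustedSigners": {"Enabled": True, "Quantity": 1, "Items": ["self"]},
    },
    "CacheBehaviors": {"Quantity": 1, "Items": [{
        "PathPattern": "path/to/my/file.ext",
        "ForwardedValues": {"Headers": {"Quantity": 1, "Items": ["Origin"]}},
        "TrustedSigners": {"Enabled": False, "Quantity": 0},
    }]},
}

def audit_behaviors(dist_config):
    """Return one finding per cache behavior, default behavior first."""
    behaviors = [dict(dist_config["DefaultCacheBehavior"], PathPattern="*")]
    behaviors += dist_config.get("CacheBehaviors", {}).get("Items", [])
    findings = []
    for b in behaviors:
        fv = b.get("ForwardedValues")
        if fv is None:
            forwards_origin = None  # set by a cache/origin request policy, not visible here
        else:
            items = fv.get("Headers", {}).get("Items", [])
            forwards_origin = "origin" in (h.lower() for h in items)
        restricted = any(b.get(k, {}).get("Enabled", False)
                         for k in ("TrustedSigners", "TrustedKeyGroups"))
        findings.append({"path": b["PathPattern"],
                         "forwards_origin": forwards_origin,
                         "restricted": restricted})
    return findings

def unsigned_paths(findings):
    """Paths served without a signed URL or signed cookie."""
    return [f["path"] for f in findings if not f["restricted"]]

def cors_blind_paths(findings):
    """Paths where the origin never sees the Origin header, so S3 adds no CORS headers."""
    return [f["path"] for f in findings if f["forwards_origin"] is False]

if __name__ == "__main__":
    results = audit_behaviors(SAMPLE_CONFIG)
    for f in results:
        print(f)
    print("served without signature:", unsigned_paths(results))
    print("Origin not forwarded:", cors_blind_paths(results))
```

To run it against a real distribution, pass the `DistributionConfig` dictionary returned by `get_distribution_config` in boto3 instead of the sample.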
