IMG标签采购AWS S3失败-CORB吗? [英] IMG tag sourcing AWS S3 fails - CORB?

问题描述

我想将Web项目的图像托管在AWS存储桶中，然后在呈现HTML时动态拉出它们.这给我带来了比我预想的更多的麻烦.

I want to host images for a web project on an AWS bucket, then dynamically pull them as the HTML is rendered. This is giving me a lot more trouble than I anticipated.

这是令人讨厌的标签:

<img src="https://s3.us-east-2.amazonaws.com/ibidnyc/Summer Smith/VERBAL/subsections/Summer-Smith-VERBAL-subtopic-POETRY-fig.jpg" alt="">

执行此操作时，出现跨域读取阻止(CORB)错误(在检查器中；我正在运行Chrome)-显然，Chrome在某些情况下会阻止链接到其他网站上的img源?游标搜索将我带到这里( zyst. io/how-to-fix-aws-s3-chrome-and-safari-cors-on-images )，但我不知道如何应用它.另外，本文针对的是CORS，而不是CORB(我认为是较新的?).

When I do this, I get a Cross-Origin Read Blocking (CORB) error (in the inspector; I'm running Chrome) - apparently, Chrome prevents linking to img sources on other websites in some cases? Cursory searches brought me here (zyst.io/how-to-fix-aws-s3-chrome-and-safari-cors-on-images) but I don't know how to apply it. Also, the article addresses CORS, not CORB (which I think is newer?).

推荐答案

结果证明@Brad是正确的.当我将存储桶实例化为公共时，上传到该存储桶的单个图像仍然是私有的.

Turns out @Brad was right. While I had instantiated the bucket as public, individual images uploaded to said bucket were still private.

将存储桶策略更改为该策略很成功(感谢 h3xed.com！):

Changing the bucket policy to this one did the trick (thanks h3xed.com!):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Action": "s3:GetObject",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::[bucket_name_here]/*",
      "Principal": "*"
    }
  ]
}

此处介绍的桶策略编辑./a>

Bucket policy editing explained here.

感谢所有贡献者！

这篇关于IMG标签采购AWS S3失败-CORB吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！