AWS S3存储桶:CORS配置 [英] AWS S3 bucket: CORS Configuration

问题描述

我正在尝试从S3下载图像.但是我收到了错误的CORS.

I am trying to download an image from S3. But I got error CORS.

我做了什么:

-为S3存储桶设置CORS配置:

-Setup CORS configuration for S3 bucket:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<ExposeHeader>Accept-Ranges</ExposeHeader>
<ExposeHeader>Content-Range</ExposeHeader>
<ExposeHeader>Content-Encoding</ExposeHeader>
<ExposeHeader>Content-Length</ExposeHeader>
<ExposeHeader>Access-Control-Allow-Origin</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

-我使用AWS控制台上传了图像

-I uploaded an image using AWS console

-在html中加载图片:

-load image in html:

<div id="my-node">
   <img id="image" src="path/to/s3/bucket/image.png" class="img-responsive"/>
</div>

-要下载图像，我使用 https://github.com/tsayen/dom-图片下载

-To download image, I use https://github.com/tsayen/dom-to-image to download

domtoimage.toBlob(document.getElementById('my-node'))
.then(function (blob) {
    window.saveAs(blob, 'my-node.png');
});

结果:我收到错误

XMLHttpRequest无法加载path/to/s3/bucket/image.png.不请求中存在"Access-Control-Allow-Origin"标头资源.

XMLHttpRequest cannot load path/to/s3/bucket/image.png. No 'Access-Control-Allow-Origin' header is present on the requested resource.

我检查了图像，响应头不包括Access-Control-Allow-Origin(似乎S3在响应中不包括CORS配置)

I inspected the image, the response header not including Access-Control-Allow-Origin (it seems S3 didn't include CORS configuration in response)

Accept-Ranges:bytes
Content-Length:124824
Content-Type:image/png
Date:Mon, 24 Apr 2017 17:27:48 GMT
ETag:"xxxxxxxx00000000"
Last-Modified:Mon, 24 Apr 2017 17:18:53 GMT
Server:AmazonS3
x-amz-id-2:xxxxxxxxxxxxxxxxx
x-amz-request-id:xxxxxxxxxxxx

非常感谢您的任何建议或建议

Very appreciated for any suggestion or advice

推荐答案

您的存储桶策略需要至少向公共用户授予 s3:GetBucketCORS ，例如:

Your bucket policy needs to grant at least s3:GetBucketCORS to public users, e.g.:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetBucketCORS"
            ],
            "Resource": [
                "arn:aws:s3:::mybucketname"
            ]
        }
    ]
}

这篇关于AWS S3存储桶:CORS配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！