从浏览器上传到S3时为什么会出现403错误? [英] Why am I getting a 403 error when uploading to S3 from the browser?

问题描述

因此，我尝试浏览此处的先前答案，但似乎没有任何效果.我使用的是Dropzone，它似乎发出了OPTIONS请求，以获取所有允许的CORS相关信息，但它似乎无法正确返回

So I've tried looking through previous answers on here and nothing seems to be working. I'm using Dropzone, which appears to make an OPTIONS request to get all the allowed CORS related information, but it doesn't seem to be returning properly

因此，通过查看Chrome开发者工具，我可以看到以下请求标头

So from looking in the Chrome dev tools, I have the following Request Headers

Host: mybucket.s3.amazonaws.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:9010
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Access-Control-Request-Headers: accept, cache-control, content-type, x-requested-with
Accept: */*
Referer: http://localhost:9010/upload
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

这些是我得到的响应标题

And these are the Response Headers I'm getting

HTTP/1.1 403 Forbidden
x-amz-request-id: 9BE37C4F32052EAB
x-amz-id-2: Zxg+v9AQ7G7sgMKz4P7xleUhrymyWGbBNNof8jFFsZ5n0Xw8T/mPovbMO55HZ5fL
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 28 Aug 2015 18:35:26 GMT
Server: AmazonS3

根据 AWS文档，我应该得到<其中，strong> Access-Control-Allow-Methods 和 Access-Control-Allow-Headers 似乎很重要.

According to the AWS documentation I should be getting Access-Control-Allow-Methods and Access-Control-Allow-Headers among things, but I don't seem to be.

我知道我的存储桶有效，并且网址有效，并且存储桶中的CORS文件如下:

I know my bucket is valid, and the url is valid and my CORS file in the bucket is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

关于发送的表单数据，我有以下内容:

So in terms of the form data that's being sent, I have the following:

acl
key
policy
x-amx-credential
x-amz-algorithm
x-amz-date
x-amz-signature

除了文件数据.我认为我没有什么丢失的东西

In addition to the file data. I don't think there's anything I'm missing

推荐答案

啊，真是愚蠢.根据启用CORS 上的页面看来，该选项请求:

Agh, it was super dumb. It seems according to the page on enabling CORS that for OPTIONS requests:

预检请求中请求的Access-Control-Request-Headers标题中列出的每个标题都必须与AllowedHeader元素匹配.

Every header listed in the request's Access-Control-Request-Headers header on the preflight request must match an AllowedHeader element.

意思是我必须在CORS政策中添加一堆以前缺少的行

Meaning I had to add a bunch of previously missing lines to my CORS policy

<AllowedHeader>accept</AllowedHeader>
<AllowedHeader>cache-control</AllowedHeader>
...

这篇关于从浏览器上传到S3时为什么会出现403错误?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！