如何使用来自云前端分发的签名 cookie 访问受限媒体文件，该分发使用与应用程序域不同的域? [英] How to access restricted media files using signed cookies from cloud front distribution which uses a different domain from the application domain?

问题描述

我们可以将来自应用程序域的 cookie 分配给不同的域吗?例如，我们需要访问使用 d1fzlamzw9yswb.cloudfront.net 分发版的受限媒体文件，但是如果我们在 localhost 或任何其他域中运行应用程序，则不允许我们以编程方式将 cookie 分配给 d1fzlamzw9yswb.cloudfront.net.它通常将 cookie 设置为应用程序域.

Can we assign cookies from the application domain to a different domain. For example we need to access the restricted media files which use the d1fzlamzw9yswb.cloudfront.net distribution, but if we run the application in localhost or in any other domain it does not allow us to assign the cookies to d1fzlamzw9yswb.cloudfront.net programmatically. It normally sets the cookies to the application domain.

不知何故，通过将浏览器中的 cookie 手动分配给 d1fzlamzw9yswb.cloudfront.net，我们能够毫无问题地访问内容.

Somehow by manually assigning the cookies from the browser to d1fzlamzw9yswb.cloudfront.net we were able to access the content without any issue.

因此，如果应用程序在另一个域(本地主机或任​​何其他域)中运行，我们如何将 cookie 分配给我们需要访问受限媒体文件的不同域?这样做的最佳方法是什么?

So if the application runs in another domain (localhost or any other) how can we assign the cookies to a different domain where we need to access the restricted media files? What is the best way to do this?

推荐答案

显然不允许为不同的域设置 cookie.

Setting cookies for different domains is obviously not allowed.

但是，可以在签名 cookie 中使用顶级域，例如 .example.com.如果正确设置，此 cookie 将始终发送到向 example.com 发出的任何请求，但也会发送到其任何子域，例如 cloudfront.example.com.因此，我们可以利用这一点，让运行在 backend.example.com 上的后端服务为 .example.com 创建和设置签名 cookie.稍后，当前端请求一个文件表单 cloudfront.example.com 时，它会自动在请求中包含签名的 cookie.

However, one can use an apex domain in a signed cookie, for example, .example.com. If properly set this cookie will always be sent to any request made to example.com, but also to any of its subdomains, e.g., cloudfront.example.com. So we can take advantage of this and have our backend service, which is running on backend.example.com create and set a signed cookie for .example.com. Later when the frontend requests a file form cloudfront.example.com it will automatically include the signed cookie with the request.

此方法需要为 Cloud Front 分发提供自定义域.这里文档如何做到这一点

This approach requires having a custom domain for a Cloud Front distribution. Here docs how to do that

最好的，斯蒂芬

这篇关于如何使用来自云前端分发的签名 cookie 访问受限媒体文件，该分发使用与应用程序域不同的域?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！