Access-control-allow-origin on aws javascript sdk getSignedUrl operation?


Question

Is it possible to set access-control-allow-origin on getSignedUrl operation for an S3 object? I have been looking out for a list of available params from the aws documentation but it's unclear.

Update: Suppose I have an object "test-file.jpg" in a bucket named "test-bucket". There is no CORS policy set on the bucket. The signed URL created by the getSignedUrl method throws 'no access-control-allow-origin header present' not allowed error in the browser.

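var aws = require('aws-sdk'); // AWS SDK for JavaScript v2

var s3 = new aws.S3({'signatureVersion': 'v4'});
var options = {
    Bucket: "test-bucket",
    Key: "test-file.jpg",
    Expires: 120 // URL lifetime in seconds
};
// Returns a pre-signed GET URL for the object
var signedUrl = s3.getSignedUrl('getObject', options);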

Is there an option to set the access-control-allow-origin : * in the above function call?

Recommended answer

There is not a way to do this. You would need to configure CORS on the bucket.

There are some options, like ResponseContentDisposition that cause S3 to inject extra, customized response headers into the response when the pre-signed URL is used to fetch the object. There is no such option for CORS.

A somewhat complex-sounding (but seemingly effective) workaround could be designed using CloudFront, Lambda@Edge, an Origin Access Identity, and CloudFront pre-signed URLs. A Lambda response trigger would add the CORS response headers to the S3 response, which would have been authorized at S3 by the OAI after being validated by the CloudFront signed URL, and a Lambda request trigger would generate any pre-flight response the browser might require.
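
The bucket-level CORS configuration the answer points to, as an added example that is not part of the original question or answer: `corsParams` has the shape taken by `s3.putBucketCors` in the AWS SDK for JavaScript v2, and a small local model shows when S3 would emit `Access-Control-Allow-Origin` for a signed-URL request. The origin `https://app.example.com` is a constructed value, and `wildcardMatch` and `corsHeadersFor` are hypothetical helpers that simplify S3's rule evaluation.

```javascript
// Added example: bucket-level CORS for the question's bucket, plus a local
// model of how S3 picks a CORS rule. The origin below is a constructed value.
const APP_ORIGIN = 'https://app.example.com'; // assumption: page that fetches the signed URL

// Shape accepted by s3.putBucketCors(params) in the AWS SDK for JavaScript v2.
const corsParams = {
  Bucket: 'test-bucket',
  CORSConfiguration: {
    CORSRules: [{
      AllowedOrigins: [APP_ORIGIN],    // a specific origin instead of "*"
      AllowedMethods: ['GET', 'HEAD'], // read-only, matches getObject signed URLs
      AllowedHeaders: ['*'],
      MaxAgeSeconds: 300
    }]
  }
};

// S3 allows at most one "*" wildcard in an AllowedOrigins / AllowedHeaders entry.
function wildcardMatch(pattern, value, ignoreCase) {
  if (ignoreCase) { pattern = pattern.toLowerCase(); value = value.toLowerCase(); }
  const star = pattern.indexOf('*');
  if (star === -1) return pattern === value;
  const head = pattern.slice(0, star), tail = pattern.slice(star + 1);
  return value.length >= head.length + tail.length &&
         value.startsWith(head) && value.endsWith(tail);
}

// Simplified model (hypothetical helper): the first rule matching origin, method
// and requested headers wins; with no match S3 sends no CORS headers at all.
function corsHeadersFor(rules, origin, method, requestHeaders = []) {
  for (const rule of rules || []) {
    const originOk = rule.AllowedOrigins.some(p => wildcardMatch(p, origin, false));
    const methodOk = rule.AllowedMethods.includes(method);
    const headersOk = requestHeaders.every(h =>
      (rule.AllowedHeaders || []).some(p => wildcardMatch(p, h, true)));
    if (originOk && methodOk && headersOk) {
      return {
        'Access-Control-Allow-Origin': rule.AllowedOrigins.includes('*') ? '*' : origin,
        'Access-Control-Allow-Methods': rule.AllowedMethods.join(', ')
      };
    }
  }
  return null;
}
```

With an empty rule list (the question's bucket) the model returns `null`, which corresponds to the browser error quoted in the question; listing a specific origin keeps other sites from reading the object through a leaked signed URL in a browser context.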
