S3 CORS,始终发送 Vary: Origin [英] S3 CORS, always send Vary: Origin
问题描述
我在启用 CORS 的 Cloudfront 后面使用 S3 存储桶.如果客户端使用 Origin 标头发出请求,那么 S3(和 cloudfront)会使用Vary: Origin"标头进行响应,但是如果在没有 Origin, 标头的情况下发出请求,则响应不包含任何 Vary 标头.
这是有问题的,因为我在 img 标签中使用了来自 cloudfront/s3 的资源,在这种情况下,浏览器发出没有 Origin 标头的请求,然后对所述图像发出 ajax 请求.浏览器然后使用图像的缓存版本,没有 Access-Control-Allow-Origin 标头,因此拒绝请求.
有什么办法可以让 S3 始终返回Vary: Origin"标头?
另一种解决方案是配置您的 CloudFront 分配以自动将非 CORS 请求转换为 CORS 请求.这可以通过使用最近添加的 CloudFront 功能控制边缘到源请求标头"向 CloudFront 发送到 S3 的每个请求添加 CORS 标头来实现.
这里的文档:http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html.
I am using an S3 bucket behind Cloudfront with CORS enabled. If the client makes a request with the Origin header, then S3 (and cloudfront) respond with a "Vary: Origin" header, however if the request is made without the Origin, header then the response does not contain any Vary Header.
This is problematic because I use a resource from cloudfront/s3 in an img tag, in which case the browser makes the request without the Origin header, and then later make an ajax request for said image. The browser then uses the cached version of the image, without the Access-Control-Allow-Origin header, and therefore denies the request.
Is there any way to get S3 to always return the "Vary: Origin" header?
Another solution would be configuring your CloudFront distribution to automatically turn Non-CORS requests into CORS requests. This is possible by adding a CORS header to each request CloudFront sends to S3 using the recently added CloudFront feature "Control Edge-To-Origin Request Headers".
See the feature announcement here: https://aws.amazon.com/blogs/aws/cloudfront-update-https-tls-v1-1v1-2-to-the-origin-addmodify-headers/
And the documentation here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html.
这篇关于S3 CORS,始终发送 Vary: Origin的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
