Azure存储CORS [英] Azure Storage CORS

问题描述

我有一个www.somedomain.com应用。现在我的所有文件（终端用户上传）存储在具有类似somesubdomain.blob.core.windows.net域Azure存储。每当用户想要查看的文档，文档的上天青公共链路被添加到的iframe源，并且可以观看。唯一的问题是，在许多情况下，该文件是使用JavaScript包容，这是试图访问其原本是我的第一台主机上的父一些基本的安全自由变量一个HTML

I have a application on www.somedomain.com. Now all my files(enduser uploaded) are stored on Azure storage which has a domain like somesubdomain.blob.core.windows.net. Whenever the user wants to view the document, the public link of the document on azure is added to a iframe source and can be viewed. The only problem is that, that file in many cases is a html with Javascript inclusion, which is trying to access some basic security free variables on the parent which is originally on my first host.

每一次对Azure存储的HTML文件试图访问父文档变量，我得到的错误阻止原产框架的 http://somesubdomain.blob.core.windows.net访问与出身 HTTP框架 ：。//somedomain.com 协议，域和端口必须匹配

Every time the html file on azure storage tries to access the parent document variables, I get the error "Blocked a frame with origin 'http://somesubdomain.blob.core.windows.net' from accessing a frame with origin "http://somedomain.com". Protocols, domains, and ports must match.'

任何指导，并在这方面的帮助将是有益的。

Any guidance and help on this would be helpful.

推荐答案

您需要启用您的存储帐户的Blob服务CORS跨域的JavaScript访问。您可以了解更多关于Azure存储和CORS这里：<一href=\"https://msdn.microsoft.com/en-us/library/azure/dn535601.aspx\">https://msdn.microsoft.com/en-us/library/azure/dn535601.aspx.

You need to enable CORS on your storage account's blob service to cross-domain JavaScript access. You can learn more about Azure Storage and CORS here: https://msdn.microsoft.com/en-us/library/azure/dn535601.aspx.

我也写了一篇博客文章前段时间一样，你可以在这里阅读：<一href=\"http://gauravmantri.com/2013/12/01/windows-azure-storage-and-cors-lets-have-some-fun/\">http://gauravmantri.com/2013/12/01/windows-azure-storage-and-cors-lets-have-some-fun/.

I also wrote a blog post some time ago on the same, which you can read here: http://gauravmantri.com/2013/12/01/windows-azure-storage-and-cors-lets-have-some-fun/.

如果您正在使用的.Net存储客户端库，你可以使用下面code设置CORS规则：

If you're using .Net Storage Client library, you can use code below to set CORS rule:

static void AddCorsRuleStorageClientLibrary()
{
    //Add a new rule.
    var corsRule = new CorsRule()
    {
        AllowedHeaders = new List<string> { "*" },
        AllowedMethods = CorsHttpMethods.Get
        AllowedOrigins = new List<string> { "http://somedomain.com" },//This is the URL of your application.
        MaxAgeInSeconds = 1 * 60 * 60,//Let the browser cache it for an hour
    };

    //First get the service properties from storage to ensure we're not adding the same CORS rule again.
    var storageAccount = new CloudStorageAccount(new StorageCredentials(accountName, accountKey), true);
    var client = storageAccount.CreateCloudBlobClient();
    var serviceProperties = client.GetServiceProperties();
    var corsSettings = serviceProperties.Cors;

    corsSettings.CorsRules.Add(corsRule);
    //Save the rule
    client.SetServiceProperties(serviceProperties);
}

这篇关于Azure存储CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！