跨源资源共享(Access-Control-Allow-Origin头)Rackspace Cloudfiles CDN [英] Cross-Origin Resource Sharing (Access-Control-Allow-Origin header) Rackspace Cloudfiles CDN
问题描述
由于我们的机架式CDN上的CSS中的嵌入字体文件,我在Chrome的实际网站上收到以下错误:
I am getting the following error on our live site in Chrome due to embedded font files in CSS all on our rackspace CDN:
源自原文的字体 https://aaa-aaa.ssl.cf3.rackcdn.com '已被跨源资源共享策略阻止加载:在请求的资源上不存在Access-Control-Allow-Origin头。原因 https://www.mysite.co.uk 因此不允许访问。
Font from origin 'https://aaa-aaa.ssl.cf3.rackcdn.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.mysite.co.uk' is therefore not allowed access.
如何在从CDN获取这些文件时将Access-Control-Allow-Origin标头添加到响应?
How do I add the Access-Control-Allow-Origin header on to the response when GETting these files from the CDN?
推荐答案
最后,从文档和Rackspace团队的一些帮助下完成。
Finally worked this out from the docs and some help from the Rackspace crew.
重要的是,对于仅包含CDN文件的启用CDN的容器,没有调整容器的元标头的点。这些只是由不在CDN上的文件继承的。
Importantly, for CDN enabled containers containing only CDN files, there is no point adjusting the container's meta-headers. These are only inherited by files not on the CDN.
我不得不调整字体文件本身的响应头。不幸的是,目前只支持通过API,我在Windows 7中使用curl从命令行。
I had to adjust the response headers on the font files themselves. Unfortunately this is only currently supported through the API and I used curl from the command line in Windows 7.
第一步是验证:
curl -d "{\"auth\":{\"RAX-KSKEY:apiKeyCredentials\":{\"username\":\"my_username\",\"apiKey\":\"my_api_key\"}}}" -H "Content-Type: application/json" "https://identity.api.rackspacecloud.com/v2.0/tokens"
然后提取 id 响应中的端点相关的 publicURL code> cloudFiles 。我将响应复制到Notepad ++并分别搜索令牌和 cloudfiles 。
Then extract the id of the token from the response and the publicURL of the endpoint related to cloudFiles. I copied the response to Notepad++ and searched for token and cloudfiles respectively.
使用以下命令:
curl -i -XPOST -H "x-auth-token: my-auth-token" -H "Access-Control-Expose-Headers: Access-Control-Allow-Origin" -H "Access-Control-Allow-Origin: *" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
有效吗?
我有一个 HTTP / 1.1 2xx 响应并检查它是否工作:
I got a HTTP/1.1 2xx response and checked it worked with:
curl -i -XGET -H "X-Auth-Token: my-auth-token" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
不幸的是,您必须等待文件的TTL过期,或清除它以查看实时结果。当我这样做,它接管了一天,做边缘清洗。我检查了版本:
Unfortunately you have to wait for the file's TTL to expire, or purge it to see a live result. When I did this it was taking over a day to do an edge purge. I checked the live version with:
curl -i -XGET https://live-version-container-hash.ssl.cf3.rackcdn.com/pseudo-dir1/psuedo-dir2/my-site-icons.ttf
在上传时设置文件响应标头
我决定在上传文件时添加一个版本并添加标题: / p>
Setting file response headers on upload
I settled on adding a version to my file and adding the headers during the upload:
curl -i -XPUT -H "x-auth-token: my-auth-token" -H "Access-Control-Expose-Headers: Access-Control-Allow-Origin" -H "Access-Control-Allow-Origin: *" https://storage101.lon3.clouddrive.com/v1/MossoCloudFS_my-end-point/container/pseudo-dir1/psuedo-dir2/my-site-icons1.0.0.ttf -T my-site-icons.tff
从位于 my-site-icons.tff 文件所在的本地目录执行
Performed from my local directory where the file my-site-icons.tff was located
这篇关于跨源资源共享(Access-Control-Allow-Origin头)Rackspace Cloudfiles CDN的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
