S3没有返回访​​问控制 - 允许 - 产地标头吗？ [英] S3 not returning Access-Control-Allow-Origin headers?

问题描述

我无法强迫S3在所有它从一个水桶返回，虽然CORS启用对象设置CORS头，如客户端S3上传的工作，返回的对象没有CORS头！

I am having trouble forcing S3 to set CORS headers on all of the objects it returns from a bucket, though CORS is enabled, as client-side S3 uploads is working, the returned objects do not have CORS headers!

我已经启用的政策是：

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

这是例子对象网址<一href="https://s3.amazonaws.com/captionable/meme/test">https://s3.amazonaws.com/captionable/meme/test

有谁知道什么是错？

推荐答案

我测试示例资源与HTTP客户端，我认为政策是工作的罚款。但是，你需要发送一个原产地头的每个请求。如果没有原产地头被发送，访问控制响应标头将不会发送，因为它们是不相关的。浏览器（对于此机制是），将通过做XMLHTT prequest跨域的HTTP请求时，会自动执行此操作。

I tested the example resource with a HTTP client, and I think the policy is working fine. However, you need to send an Origin header with every request. If no Origin header is sent, access-control response headers won't be sent, because they are irrelevant. A browser (for which this mechanism is meant) will do this automatically when doing cross-origin HTTP requests through XMLHTTPRequest.

这篇关于S3没有返回访​​问控制 - 允许 - 产地标头吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！