S3没有返回访问控制 - 允许 - 产地标头吗? [英] S3 not returning Access-Control-Allow-Origin headers?
问题描述
我无法强迫S3在所有它从一个水桶返回,虽然CORS启用对象设置CORS头,如客户端S3上传的工作,返回的对象没有CORS头!
I am having trouble forcing S3 to set CORS headers on all of the objects it returns from a bucket, though CORS is enabled, as client-side S3 uploads is working, the returned objects do not have CORS headers!
我已经启用的政策是:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是例子对象网址<一href="https://s3.amazonaws.com/captionable/meme/test">https://s3.amazonaws.com/captionable/meme/test
有谁知道什么是错?
推荐答案
我测试示例资源与HTTP客户端,我认为政策是工作的罚款。但是,你需要发送一个原产地
头的每个请求。如果没有原产地
头被发送,访问控制响应标头将不会发送,因为它们是不相关的。浏览器(对于此机制是),将通过做XMLHTT prequest跨域的HTTP请求时,会自动执行此操作。
I tested the example resource with a HTTP client, and I think the policy is working fine. However, you need to send an Origin
header with every request. If no Origin
header is sent, access-control response headers won't be sent, because they are irrelevant. A browser (for which this mechanism is meant) will do this automatically when doing cross-origin HTTP requests through XMLHTTPRequest.
这篇关于S3没有返回访问控制 - 允许 - 产地标头吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!