Amazon S3的CORS头只在选项(preflight),而不是在GET请求显示 [英] Amazon S3 CORS headers only show during OPTIONS (preflight) and not during GET request
问题描述
我有一个S3桶以下CORS的配置。
I have an S3 bucket with the following CORS config.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
在preflight检查工作正常。
The preflight check works as expected.
★ ~$ curl -i -X OPTIONS -H "Origin: http://stackoverflow.com" -H "Access-Control-Request-Method: GET" https://s3.amazonaws.com/random-stuff-ohyea/coderot.gif
HTTP/1.1 200 OK
x-amz-id-2: H6tzMUCJtYgiCRrhj5DucMhjjYtj1kKWqL7u2yaRGEorOeKhu/sTKlgGqY7uHxQC
x-amz-request-id: E784C4373565CBE6
Date: Mon, 21 Oct 2013 22:14:18 GMT
Access-Control-Allow-Origin: http://stackoverflow.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Content-Length: 0
Server: AmazonS3
然而在一个GET请求的来源头部没有。
However the origin header on a GET request doesn't.
★ ~$ curl -iI -H "Origin: http://stackoverflow.com" https://s3.amazonaws.com/random-stuff-ohyea/coderot.gif
HTTP/1.1 200 OK
x-amz-id-2: KlrSviRSwq/40zPwOGp2/lJZk0J2Fyu7kOg966osOvQ2mpbpiv5BLkihGSOfoLd8
x-amz-request-id: 9D051B0001F48AB7
Date: Mon, 21 Oct 2013 22:11:57 GMT
Last-Modified: Mon, 21 Oct 2013 22:10:53 GMT
ETag: "4fa16333380378e116479646b40dd1ee"
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 1774246
Server: AmazonS3
这很重要,因为Firefox的似乎没有加载,我在我的S3存储桶的远程字体时做preflight检查。它似乎只发送原点头。
This matters because firefox doesn't seem to do preflight checks when loading remote fonts that I have in my s3 bucket. It only seems to send the origin header.
推荐答案
使用您的卷曲-II选项,你会做一个HEAD请求,而不是GET请求。所以,你不会得到CORS头。为了简化测试添加&LT; AllowedMethod&GT; HEAD&LT; / AllowedMethod&GT;
您CORS的配置,你会得到预期的结果。
With your curl -iI option you will be doing a HEAD request and not a GET request. So you will not get the CORS headers. To simplify testing add <AllowedMethod>HEAD</AllowedMethod>
to your CORS configuration and you'll get the expected results.
这篇关于Amazon S3的CORS头只在选项(preflight),而不是在GET请求显示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!