我正在http://www.my-example.com托管一个节点/快递应用程序,我所有的静态内容(图片,css,字体)都是从Amazon S3的一个名为assets的存储桶中提供的。我的图像存在于存储桶内的images文件夹中。我为我的存储桶定义了以下CORS:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://www.my-example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
我明白了,
XMLHttpRequest cannot load https://s3-us-west-1.amazonaws.com/assets/images/... no access control origin header is present img标记请求的图像,而不适用于任何其他静态内容(标题中的css /字体等)为什么服务器只选择性地为图像发送Cross Origin响应?我是否需要更改我的快递应用程序以发送'Access-Control-Allow-Origin: "*"标题(尽管配置了S3存储桶)?
修改
Request URL: https://s3-us-west-1.amazonaws.com/3dthon/images/social/icons/twitter.png
Request Method: Head
Status: 200
以下是请求和响应标头:
Host: s3-us-west-1.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.3dthon.com/
Origin: http://www.3dthon.com
Connection: keep-alive
和
Accept-Ranges: bytes
Content-Length: 3447
Content-Type: image/png
Date: Thu, 14 May 2015 16:20:09 GMT
Etag: "22705eae93b8bbe50f5c81bdf4bac99d"
Last-Modified: Thu, 13 Mar 2014 19:09:21 GMT
Server: AmazonS3
x-amz-id-2: wrI2iITNNyruw91x1kHbvCtpHqCIbDumjpB/9BjK04EGmXp7NM5sGrOrxhj7Iv95nSx0Tt9wGiQ=x-amz-request-id: 9B840AA64CD6B3D2