Amazon S3 CORS works with HTTP but not with HTTPS

Time: 2015-06-20 09:44:05

Tags: amazon-s3

I can get Amazon S3 to deliver CORS headers over http, but not over https. How can I make it work with both? What if we use Akamai as a CDN?

Here is my bucket configuration:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>https://*</AllowedOrigin>
        <AllowedOrigin>http://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Here are my tests. The only difference between them is that one uses http and the other uses https. Both resources load fine in the browser, but I want to use them in a CORS setting, which may be https.

pnore@mbp> curl -i -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H 'Pragma: no-cache' --verbose http://my.custom.domain/path/to/file/in/bucket | head -n 15
* Adding handle: conn: 0x7fee83803a00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fee83803a00) send_pipe: 1, recv_pipe: 0
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to my.custom.domain port 80 (#0)
* Trying 23.23.23.23...
* Connected to my.custom.domain (23.23.23.23) port 80 (#0)
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0> GET /path/to/file/in/bucket HTTP/1.1
> User-Agent: curl/7.30.0
> Host: my.custom.domain
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Pragma: no-cache
>
< HTTP/1.1 200 OK
< x-amz-id-2: random
< x-amz-request-id: random
< Access-Control-Allow-Origin: http://example.com
< Access-Control-Allow-Methods: GET
< Access-Control-Max-Age: 3000
< Access-Control-Allow-Credentials: true
< Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
< Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
< ETag: "random"
< Accept-Ranges: bytes
< Content-Type: video/webm
< Content-Length: 8981905
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
< Date: Fri, 19 Jun 2015 21:31:22 GMT
< Connection: keep-alive
<
{ [data not shown]
HTTP/1.1 200 OK
x-amz-id-2: random
x-amz-request-id: random
Access-Control-Allow-Origin: http://example.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
ETag: "random"
Accept-Ranges: bytes
Content-Type: video/webm
Content-Length: 8981905
Server: AmazonS3
Date: Fri, 19 Jun 2015 21:31:22 GMT
...

pnore@mbp> curl -i -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H 'Pragma: no-cache' --verbose https://my.custom.comain/path/to/file/in/bucket | head -n 15
* Adding handle: conn: 0x7fd24380c000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fd24380c000) send_pipe: 1, recv_pipe: 0
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to my.custom.domain port 443 (#0)
* Trying 23.23.23.23...
* Connected to my.custom.domain (23.23.23.23) port 443 (#0)
* TLS 1.2 connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate: my.custom.domain
* Server certificate: GeoTrust SSL CA - G4
* Server certificate: GeoTrust Global CA
> GET /path/to/file/in/bucket HTTP/1.1
> User-Agent: curl/7.30.0
> Host: my.custom.domain
> Accept: */*
> Origin: http://example.com
> Access-Control-Request-Method: GET
> Pragma: no-cache
>
< HTTP/1.1 200 OK
< x-amz-id-2:
< x-amz-request-id:
< Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
< ETag: "random"
< Accept-Ranges: bytes
< Content-Type: video/webm
< Content-Length: 8981905
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
< Date: Fri, 19 Jun 2015 21:31:29 GMT
< Connection: keep-alive
<
{ [data not shown]
HTTP/1.1 200 OK
x-amz-id-2:
x-amz-request-id:
Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
ETag: "random"
Accept-Ranges: bytes
Content-Type: video/webm
Content-Length: 8981905
Server: AmazonS3
Date: Fri, 19 Jun 2015 21:31:29 GMT
Connection: keep-alive
...

Note that the first request contains the desired header, and the second request contains the desired Access-Control-Allow-Origin header.

I also tried <AllowedOrigin>*</AllowedOrigin> and used a different <AllowedOrigin> block for each <CORSRule>.

References I have checked:

  1. Getting S3 CORS Access-Control-Allow-Origin to dynamically echo requesting domain 1
  2. Amazon S3 CORS (Cross-Origin Resource Sharing) and Firefox cross-domain font loading 1
  3. Getting S3 CORS Access-Control-Allow-Origin to dynamically echo requesting domain
  4. Aws S3 Bucket CORS configuration is not saving properly
  5. http://blog.errorception.com/2014/11/enabling-cors-on-amazon-cloudfront-with.html
  6. Correct S3 + Cloudfront CORS Configuration?
  7. https://forums.aws.amazon.com/thread.jspa?messageID=377513
  8. How to Configure SSL for Amazon S3 bucket
  9. HTTPS for Amazon S3 static website
  10. SSL on Amazon S3 as "static website"

1 answer:

Answer 0 (score: 2)

I couldn't find documentation that explicitly mentions it, but it looks like the bucket's CORS configuration allows only one <AllowedOrigin> element per <CORSRule> entry. Up to 100 <CORSRule> entries are allowed in the configuration. So, for your configuration to support both http and https, you should create two <CORSRule> entries, like this:

<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>https://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
    <CORSRule>
        <AllowedOrigin>http://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

FWIW, I haven't tried it, but the configuration may also support a protocol-agnostic format, for example simply <AllowedOrigin>//*</AllowedOrigin>.
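An added example, not part of the original question or answer and not AWS code: a simplified offline model of S3's documented rule selection (the first CORSRule whose AllowedOrigin, with at most one `*` wildcard, and AllowedMethod match the request), run over the two configurations on this page. The function names are hypothetical, and AllowedHeader and preflight handling are left out.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
WRAP = '<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">{}</CORSConfiguration>'
RULE = ("<CORSRule>{}<AllowedMethod>GET</AllowedMethod>"
        "<MaxAgeSeconds>3000</MaxAgeSeconds><AllowedHeader>*</AllowedHeader></CORSRule>")
HTTPS = "<AllowedOrigin>https://*</AllowedOrigin>"
HTTP = "<AllowedOrigin>http://*</AllowedOrigin>"

# The page's two configurations, rebuilt inline: one rule carrying both
# origins (question) and two rules carrying one origin each (answer).
QUESTION_CONFIG = WRAP.format(RULE.format(HTTPS + HTTP))
ANSWER_CONFIG = WRAP.format(RULE.format(HTTPS) + RULE.format(HTTP))


def wildcard_match(pattern, value):
    """Literal comparison, except that a single '*' matches any run of characters."""
    if pattern.count("*") > 1:
        raise ValueError("at most one '*' is allowed: " + pattern)
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*")
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))


def load_rules(xml_text):
    """Return each CORSRule as a dict of its allowed origins and methods."""
    rules = []
    for rule in ET.fromstring(xml_text).findall("s3:CORSRule", NS):
        rules.append({
            "origins": [(e.text or "").strip() for e in rule.findall("s3:AllowedOrigin", NS)],
            "methods": [(e.text or "").strip() for e in rule.findall("s3:AllowedMethod", NS)],
        })
    return rules


def first_matching_rule(rules, origin, method):
    """Index of the first rule matching the Origin header and method, else None."""
    for index, rule in enumerate(rules):
        if method in rule["methods"] and any(
                wildcard_match(pattern, origin) for pattern in rule["origins"]):
            return index
    return None
```

Under this model `https://*` and `http://*` match every origin of that scheme, so a rule carrying them lets any site read the objects cross-origin; listing the specific origins that need access keeps the rule narrow.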