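Preflight response

Time: 2016-01-06 22:30:58

Tags: ruby-on-rails amazon-web-services amazon-s3 cors amazon-cloudfront

I know this question has already been covered here: Amazon S3 CORS (Cross-Origin Resource Sharing) and Firefox cross-domain font loading

I have also read countless Amazon and CloudFront documents and nearly every SO post about this error. I am probably missing one frustrating detail.

My S3 bucket works fine on its own. If I go through my CDN, CloudFront, my request returns: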

XMLHttpRequest cannot load -- Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.

When I curl my bucket, the response is:

> curl -I -H "Origin: https://subdomain.mywebsite.com" http://my_bucket.s3.amazonaws.com/quizzes/74/story.html?AWSAccessKeyId=AKIAIFSDFYEMNTQ%26Expires=1452124428%26Signature=MFXEAkrmPSSDxmKkomk4c71XaMCMEs%3D%26endpoint=https%3A%2F%2Fsubdomain.mywebsite.com%2Fquizzes%2F%26member_id=11270%26quiz_id=12787
HTTP/1.1 200 OK
x-amz-id-2: iurSjdcxVZy52sk+rADAMlNbGql3uw2KecZDDjh4WsXxpZgBXZyyWSBerZT9DZrFmHJVloQFsg8=
x-amz-request-id: AE0BEAFE51F3F358
Date: Wed, 06 Jan 2016 21:59:23 GMT
Access-Control-Allow-Origin: https://subdomain.mywebsite.com
Access-Control-Allow-Methods: HEAD, POST, PUT, DELETE
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Last-Modified: Sat, 22 Aug 2015 14:31:06 GMT
ETag: "429df932eeaf13bb7985d6b8f204a82f"
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 4331
Server: AmazonS3

When I curl my CDN, CloudFront, the response is:

ॐ > curl -I -H "Origin: https://subdomain.mywebsite.com" https://dxyszkffffxlx.cloudfront.net/quizzes/74/story.html?AWSAccessKeyId=AKIAIVSDFSDFMNTQ%26Expires=1452124428%26Signature=MFXEAkrmSDFFc71XaMCMEs%3D%26endpoint=https%3A%2F%2Fsubdomain.mywebsite.com%2Fquizzes%2F%26member_id=11270%26quiz_id=12787
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4331
Connection: keep-alive
Date: Wed, 06 Jan 2016 22:20:49 GMT
Access-Control-Allow-Origin: https://subdomain.mywebsite.com
Access-Control-Allow-Methods: HEAD, POST, PUT, DELETE
Access-Control-Allow-Credentials: true
Last-Modified: Sat, 22 Aug 2015 14:31:06 GMT
ETag: "429df932eeaf13bb7985d6b8f204a82f"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
X-Cache: Miss from cloudfront
Via: 1.1 691e17f7f05f0a15dffffffe895c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: JFbiPxbpy-tk75u56ALfffffFlnMMrOqhvdJWbHU5z0PCXYXpEzg==

My CORS configuration:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <ID>production</ID>
        <AllowedOrigin>https://*.mywebsite.com</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>Content-*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

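Does anyone know what I might be missing here? I have tried many different AllowedHeader options, including *, but none of them made any difference.

I have also made sure that the CloudFront behavior whitelists the 3 available headers "Origin", "Headers" and "Method". I also have it forwarding query strings.

Every time I make a change, I make sure to invalidate the test directory.

Update

This is the exact error: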

XMLHttpRequest cannot load 
   https://subdomain.mywebsite.com/quizzes/statements/?method=PUT. 
   Request header field Content-Type is not allowed by 
   Access-Control-Allow-Headers in preflight response.

I am mimicking the exact call here:

curl -H "Access-Control-Allow-Headers:x-requested-with" \
 -H "Origin: https://xhe4ht8dk5.cloudfront.net" \
 -H "Access-Control-Allow-Methods:GET" \
 -H "Access-Control-Allow-Origin:*" \
 -H "Access-Control-Request-Headers:content-type" \
 -H "Access-Control-Max-Age:3628800" \
 -I -X OPTIONS --verbose \
 https://subdomain.mywebsite.com/quizzes/activities/state?method=GET

Which returns:

 >  https://subdomain.mywebsite.com/quizzes/activities/state?method=GET
*   Trying 107.21.92.91...
* Connected to subdomain.mywebsite.com (66.24.92.91) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.mywebsite.com
* Server certificate: Go Daddy Secure Certificate Authority - G2
* Server certificate: Go Daddy Root Certificate Authority - G2
> OPTIONS /quizzes/activities/state?method=GET HTTP/1.1
> Host: mysubdomain.mywebsite.com
> User-Agent: curl/7.43.0
> Accept: */*
> Access-Control-Allow-Headers:x-requested-with
> Origin: https://xhe4ht8dk5.cloudfront.net
> Access-Control-Allow-Methods:GET
> Access-Control-Allow-Origin:*
> Access-Control-Request-Headers:content-type
> Access-Control-Max-Age:3628800
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Thu, 07 Jan 2016 23:37:37 GMT
Date: Thu, 07 Jan 2016 23:37:37 GMT
< Connection: close
Connection: close
< Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
Access-Control-Allow-Methods: GET
< Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
< Access-Control-Max-Age: 3628800
Access-Control-Max-Age: 3628800
< Server: thin
Server: thin
< Via: 1.1 vegur
Via: 1.1 vegur

< 
* Closing connection 0

0 answers:

No answers
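
The check a browser applies to a preflight response, in simplified form, as an added example that is not part of the original question. The response headers are the ones in the verbose curl output above; `checkPreflight`, `sampleRequest`, and the request's method and Content-Type value are assumptions made for illustration.

```javascript
// Simplified form of the browser's CORS-preflight check (added example).
// Content-Type is exempt from Access-Control-Allow-Headers only for these values.
const SIMPLE_CONTENT_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFELISTED = ["accept", "accept-language", "content-language"];
const SIMPLE_METHODS = ["GET", "HEAD", "POST"];
const splitList = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

function checkPreflight(request, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const withCreds = request.credentials === true;
  const problems = [];

  // "*" only acts as a wildcard for requests made without credentials.
  const origin = h["access-control-allow-origin"];
  if (origin !== request.origin && (origin !== "*" || withCreds)) {
    problems.push(`origin ${request.origin} is not allowed by Access-Control-Allow-Origin`);
  }

  const methods = splitList(h["access-control-allow-methods"]);
  const methodOk = SIMPLE_METHODS.includes(request.method) || methods.includes(request.method) ||
    (methods.includes("*") && !withCreds);
  if (!methodOk) problems.push(`method ${request.method} is not allowed by Access-Control-Allow-Methods`);

  const allowed = splitList(h["access-control-allow-headers"]).map((s) => s.toLowerCase());
  for (const [name, value] of Object.entries(request.headers)) {
    const n = name.toLowerCase();
    const simpleType = n === "content-type" &&
      SIMPLE_CONTENT_TYPES.includes(value.split(";")[0].trim().toLowerCase());
    const wildcard = allowed.includes("*") && !withCreds && n !== "authorization";
    if (SAFELISTED.includes(n) || simpleType || allowed.includes(n) || wildcard) continue;
    problems.push(`request header ${n} is not allowed by Access-Control-Allow-Headers`);
  }
  return { allowed: problems.length === 0, problems };
}

// Preflight response headers as captured in the verbose curl output above.
const capturedPreflight = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET",
  "Access-Control-Allow-Headers": "x-requested-with",
  "Access-Control-Max-Age": "3628800",
};
// Constructed request: the method and the Content-Type value are assumptions.
const sampleRequest = {
  origin: "https://xhe4ht8dk5.cloudfront.net",
  method: "POST",
  headers: { "Content-Type": "application/json" },
};
console.log(checkPreflight(sampleRequest, capturedPreflight));
```

Running the same check against a live endpoint means sending `OPTIONS` with `Origin`, `Access-Control-Request-Method` and `Access-Control-Request-Headers`, then passing the returned `Access-Control-Allow-*` headers to `checkPreflight`.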