我在我的网站上使用fine-uploader(5.1.3)将文件上传到我的Amazon S3存储桶。
这一切都运行良好,但我现在正在将我的整个网站放在HTTPS中。完成此操作并通过https访问上传页面时,无论何时用户尝试上传图像,我都会收到以下错误/调试输出:
错误:
https://mywebsite.bucket.bucketname.s3-eu-west-1.amazonaws.com/ net::ERR_INSECURE_RESPONSE
完整调试输出:
[Fine Uploader 5.1.3] Parsing template
[Fine Uploader 5.1.3] Template parsing complete
[Fine Uploader 5.1.3] Rendering template in DOM.
[Fine Uploader 5.1.3] Template rendering complete
[Fine Uploader 5.1.3] Received 1 files.
[Fine Uploader 5.1.3] Attempting to validate image.
[Fine Uploader 5.1.3] Attempting to generate a blob on-demand for 0
[Fine Uploader 5.1.3] Attempting to generate scaled version for my_image.jpg
[Fine Uploader 5.1.3] Attempting to draw client-side image preview.
[Fine Uploader 5.1.3] Attempting to determine if my_image.jpg can be rendered in this browser
[Fine Uploader 5.1.3] First pass: check type attribute of blob object.
[Fine Uploader 5.1.3] Second pass: check for magic bytes in file header.
[Fine Uploader 5.1.3] 'my_image.jpg' is able to be rendered in this browser
[Fine Uploader 5.1.3] Moving forward with EXIF header parsing for 'my_image.jpg'
[Fine Uploader 5.1.3] EXIF Byte order is big endian
[Fine Uploader 5.1.3] Found 12 APP1 directory entries
[Fine Uploader 5.1.3] Successfully parsed some EXIF tags
[Fine Uploader 5.1.3] Success generating scaled version for my_image.jpg
[Fine Uploader 5.1.3] Generated an on-demand blob for 0
[Fine Uploader 5.1.3] Maybe ready to upload proxy group file 0
[Fine Uploader 5.1.3] Sending simple upload request for 0
[Fine Uploader 5.1.3] Submitting S3 signature request for 0
[Fine Uploader 5.1.3] Sending POST request for 0
[Fine Uploader 5.1.3] Sending upload request for 0
https://mywebsite.bucket.bucketname.s3-eu-west-1.amazonaws.com/ net::ERR_INSECURE_RESPONSE
[Fine Uploader 5.1.3] Received response status 0 with body:
[Fine Uploader 5.1.3] Simple upload request failed for 0
[Fine Uploader 5.1.3] Generated blob upload has ended for 0, disposing generated blob.
我已将端点更改为包含https。当页面在HTTP中时,它完全正常,但不是HTTPS。
我是否需要更改任何其他参考/文件?
我对亚马逊的政策是:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mywebsite.bucket.bucketname/*"
}
]
}
我已经在亚马逊的cors配置中添加了我的网站的https版本,完整配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://www.mywebsite.com</AllowedOrigin>
<AllowedOrigin>http://mywebsite.com</AllowedOrigin>
<AllowedOrigin>https://www.mywebsite.com</AllowedOrigin>
<AllowedOrigin>https://mywebsite.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
答案 0 :(得分:0)
您的存储桶名称“storage.bucket.customer”对于SSL连接无效。来自S3 bucket restrictions page:
使用带有SSL的虚拟托管样式存储桶时,SSL通配符证书仅匹配不包含句点的存储桶。要解决此问题,请使用HTTP或编写自己的证书验证逻辑。我们建议您不要在存储桶名称中使用句点(“。”)。
如果您检查HTTP响应,您可能会看到与此问题相关的更多信息。