用于文件上载的PreSigned S3 URL的CORS问题

时间:2017-07-24 17:55:56

标签: ajax django amazon-s3 cors

我尝试在eu-west-2区域的S3存储桶中上传文件:

在我编码的django-view中:

try:
    S3url = conn.generate_url_sigv4(secondsPerDay, "PUT", bucket=settings.AWS_STORAGE_BUCKET_NAME, key=path, force_http=True)
except:
    print "generate_url_sigv4 failed"
else:
    print "generate_url_sigv4 OK"
    print S3url

然后我生成预先签名的网址

curl -v -T "0.MOV" --header "Content-Type:binary/octet-stream" "https://MyBucketName.s3-eu-west-2.amazonaws.com/pathtofile/0.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=AWSsignature&X-Amz-Date=20170724T122024Z&X-Amz-Credential=MyKey%2Feu-west-2%2Fs3%2Faws4_request"

和S3url是:     S3url = https://MyBucketName.s3-eu-west-2.amazonaws.com/pathtofile/0.MOV?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=86400&X-Amz-SignedHeaders=host&X-Amz-Signature=AWSsignature&X-Amz-Date=20170724T120524Z&X-Amz-Credential=MyKey%2F20170724%2Feu-west-2%2Fs3%2Faws4_request

使用Curl我可以上传视频文件:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8000' is therefore not allowed access. The response had HTTP status code 403.

所以对我来说,在django / python中生成预先签名的网址是可以的。

顺便感谢How to properly upload an object to AWS S3?贡献者

当我尝试使用预先指定的url和ajax请求时出现问题。 谷歌浏览器声明:

settings = $.extend(true, {}, {
    xhr: function () {
        var xhrobj = $.ajaxSettings.xhr();
        return self._initXhr(xhrobj, previewId, self.getFileStack().length);
    },
    url:S3url,
    type: 'PUT',
    cache: false,
    processData: false,
    success: fnSuccess,
    complete: fnComplete,
    error: fnError,
    crossDomain: true,
    headers: {
            'Access-Control-Allow-Headers': '*',
            'Content-Type': 'binary/octet-stream',
        },
}, self.ajaxSettings);

self.ajaxRequests.push($.ajax(settings));

我尝试了很多

的组合
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    **<AllowedMethod>PUT</AllowedMethod>**
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>

显然,浏览器和curl阻止了对另一台服务器的请求。 该网页来自http://127.0.0.1:8000,请求是针对s3-eu-west-2.amazonaws.com。

Curl不采取这种预防措施。

顺便说一句,我这样配置S3存储桶:

rails db:migrate

这是defaut配置,除了我添加 / 行。

那我怎么能解决这个CORS问题,我错过了什么?

由于

0 个答案:

没有答案