我有一个jscropper的问题。我不知道为什么我在控制台收到消息
无法加载https://cdn.dmove.it/images/409/foto1.jpg:否 请求中存在“Access-Control-Allow-Origin”标头 资源。因此不允许来源“https://www.dmove.it” 访问。
我尝试阅读任何答案,我明白这是一个Cors问题,但是Cors的配置还可以。
curl -H "Origin: https://www.dmove.it" --verbose --head \
https://cdn.dmove.it/images/412/ionity-cop.jpg >> debugcors.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 13.32.176.105...
* Connected to cdn.dmove.it (13.32.176.105) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 596 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: cdn.dmove.it (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=cdn.dmove.it
* start date: Wed, 11 Oct 2017 00:00:00 GMT
* expire date: Sun, 11 Nov 2018 12:00:00 GMT
* issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* compression: NULL
* ALPN, server accepted to use http/1.1
> HEAD /images/412/ionity-cop.jpg HTTP/1.1
> Host: cdn.dmove.it
> User-Agent: curl/7.47.0
> Accept: */*
> Origin: https://www.dmove.it
>
< HTTP/1.1 200 OK
< Content-Type: image/jpeg
< Content-Length: 113702
< Connection: keep-alive
< Date: Sat, 04 Nov 2017 10:03:51 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD
< Access-Control-Max-Age: 3000
< Last-Modified: Fri, 03 Nov 2017 21:41:43 GMT
< ETag: "837db6c7a1ae9c54387629ff42fa3684"
< Cache-Control: max-age=315576000
< Accept-Ranges: bytes
< Server: AmazonS3
< Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
< Age: 620
< X-Cache: Hit from cloudfront
< Via: 1.1 4f95eb10423b781564e79d7c85f85795.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: VDsmZGCzxLz5T9RCPlspCb2zyzjo7US-N5tsb605ojM3fv0jXxafxQ==
<
网站为https://www.dmove.it,分发为带有云端的S3,我在分发设置中将标题列入白名单。
怎么了?
答案 0 :(得分:0)
您可能在没有设置CORS标头的情况下点击Cloudfront缓存响应。您的浏览器也可以重复使用没有设置CORS标头的缓存响应。
添加Cloudfront&#34; Edge-To-Origin&#34; Origin头在每个请求(xhr或非xhr)上强制CORS响应头:
Origin ---> http://sub.domain.com