我正在使用AWS S3托管我的网站,并使用以下CORS设置设置我的存储桶:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
当我尝试下载使用JavaScript库文件保存在我的EC2实例上保存的文件时,我会收到以下错误:
Access to XMLHttpRequest at 'EC2-Instance' from origin 'S3-Bucket' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
引起文件放大错误的行是:
function d(a) {
var b = new XMLHttpRequest();
return b.open("HEAD", a, !1), b.send(), 200 <= b.status && 299 >= b.status; <-- This line
}
当我用冗长的卷曲中模拟请求时,我会得到以下信息:
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD
< Access-Control-Max-Age: 3000
< Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
知道为什么我仍然会遇到此错误?
编辑:
我尝试了以下请求以查看标题详细信息:
curl -H "Access-Control-Request-Method: GET" -H "Origin: S3 Bucket" --head -IXHEAD EC2_Instance
,由于某种原因,请在没有CORS信息的情况下获取以下信息:
HTTP/1.1 200 OK
Server: nginx/1.15.8
Date: Sun, 24 Feb 2019 04:38:20 GMT
Content-Type: application/octet-stream
Content-Length: 6950
Last-Modified: Sat, 23 Feb 2019 22:35:01 GMT
Connection: keep-alive
ETag: "5c71ca95-1b26"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: private
Accept-Ranges: bytes
s3如果通配符 *喜欢的情况下,请勿发送'access-control-wall-allow-origin'标头:
:<AllowedOrigin>*</AllowedOrigin>
强制S3发送允许的果蛋白标头,并从任何站点加载您的内容,请尝试以下操作:
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
我认为一个人会起作用..!