经过一些调整,我似乎已经成功地让它工作了,而不需要查询字符串 hack。更多信息请参见:http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorS3Origin.html#RequestS3-cors
我将逐步介绍整个设置过程,以便易于查看我所做的事情,希望这对其他人有所帮助。
背景信息:
我正在使用一个带有 asset_sync gem 的 Rails 应用程序,将资产放入 S3 中。其中包括字体文件。
在 S3 控制台中,我点击了我的 bucket、属性和“编辑 cors 配置”,如下图所示:![CORS config button](https://istack.dev59.com/PGuNA.webp)
在文本区域内,我有如下内容:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>https://*.example.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
接下来,在Cloudfront面板(https://console.aws.amazon.com/cloudfront/home)中,我创建了一个分发,添加了一个指向我的S3存储桶的源地址。
![adding an origin](https://istack.dev59.com/kTqYh.webp)
然后为默认路径添加了一个行为,以指向我设置的基于S3的源地址。 我还点击了“白名单标头”并添加了 Origin
:
![adding a behavior and whitelist headers](https://istack.dev59.com/JV9qe.webp)
现在发生的情况是我认为是正确的:
1)检查S3标头是否被正确设置。
curl -i -H "Origin: https://example.com" https://s3.amazonaws.com/xxxxxxxxx/assets/fonts/my-cool-font.ttf
HTTP/1.1 200 OK
x-amz-id-2: Ay63Qb5uR98ag47SRJ91+YALtc4onRu1JUJgMTU98Es/pzQ3ckmuWhzzbTgDTCt+
x-amz-request-id: F1FFE275C0FBE500
Date: Thu, 14 Aug 2014 09:39:40 GMT
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=180
Last-Modified: Mon, 09 Dec 2013 14:29:04 GMT
ETag: "98918ee7f339c7534c34b9f5a448c3e2"
Accept-Ranges: bytes
Content-Type: application/x-font-ttf
Content-Length: 12156
Server: AmazonS3
2) 检查Cloudfront是否与标头一起工作
curl -i -H "Origin: https://example.com" https://xxxxx.cloudfront.net/assets/fonts/my-cool-font.ttf
HTTP/1.1 200 OK
Content-Type: application/x-font-ttf
Content-Length: 12156
Connection: keep-alive
Date: Thu, 14 Aug 2014 09:35:26 GMT
Access-Control-Allow-Origin: https://example.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=180
Last-Modified: Mon, 09 Dec 2013 14:29:04 GMT
ETag: "98918ee7f339c7534c34b9f5a448c3e2"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin
X-Cache: Miss from cloudfront
Via: 1.1 77bdacfea247b6cbe84dffa61da5a554.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cmCxaUcFf3bT48zpPw0Q-vDDza0nZoWm9-_3qY5pJBhj64iTpkgMlg==
(请注意,上述情况是由于CloudFront的错误,因为这些文件被缓存了180秒,但相同的文件在命中时可以正常工作)
3)使用不同的来源命中CloudFront(但该来源在S3存储桶的CORS中被允许)- Access-Control-Allow-Origin
未被缓存!耶!
curl -i -H "Origin: https://www2.example.com" https://xxxxx.cloudfront.net/assets/fonts/my-cool-font.ttf
HTTP/1.1 200 OK
Content-Type: application/x-font-ttf
Content-Length: 12156
Connection: keep-alive
Date: Thu, 14 Aug 2014 10:02:33 GMT
Access-Control-Allow-Origin: https://www2.example.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Cache-Control: public, must-revalidate, proxy-revalidate, max-age=180
Last-Modified: Mon, 09 Dec 2013 14:29:04 GMT
ETag: "98918ee7f339c7534c34b9f5a448c3e2"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin
X-Cache: Miss from cloudfront
Via: 1.1 ba7014bad8e9bf2ed075d09443dcc4f1.cloudfront.net (CloudFront)
X-Amz-Cf-Id: vy-UccJ094cjdbdT0tcKuil22XYwWdIECdBZ_5hqoTjr0tNH80NQPg==
请注意,上面的域名已成功更改,而没有使用查询字符串黑客技巧。
当我更改Origin头时,第一次请求似乎总会有一个X-Cache: Miss from cloudfront
,然后之后我获得了预期的X-Cache: Hit from cloudfront
附:值得注意的是,当使用curl -I(大写的I)时,不会显示Access-Control-Allow-Origin头,因为它只是一个HEAD,我使用-i将其变成GET并向上滚动。
Access-Control-Allow-Origin
头被缓存并使CORS失效? - Oleg