我真的很难让 Cloudfront 和 S3 将 Access-Control-Allow-Origin: * 添加到存储在 S3 上的视频文件的标题中(对于 iPhone 上的内联视频 - 似乎在其他地方都可以使用,但内联视频只能在来自同一域的 iPhone 上使用,因此假设它与 CORS 有关)。
只有存储桶中的第一个文件具有正确的标题
curl -I -H "Origin: https
://example.com" http://cdn.example.com/0000d723-5c73-4d71-953c-d7e29e70f17b.jpg
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 80962
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:38:50 GMT
Access-Control-Allow-Origin: https://beek.co
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
x-amz-meta-md5-hash: 18692618d1f6865694f08fb2dcd12201
Last-Modified: Wed, 15 Feb 2012 03:08:14 GMT
ETag: "18692618d1f6865694f08fb2dcd12201"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Age: 63
X-Cache: Hit from cloudfront
Via: 1.1 284d225e590e6583c457dc0182ee6fe7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: n9NmaT8pwHg5BZmZqoPAxUlGBiLR7BqD5rxodzjfpKi2mFthhGzGyw==
但其他人却没有
curl -I -H "Origin: https
://beek.co" http://cdn.example.co/93bd51ac-5a8c-4c08-ac67-42ee5e596477.mp4
HTTP/1.1 200 OK
Content-Type: video/mp4
Content-Length: 44751245
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:40:47 GMT
x-amz-meta-md5-hash: 6d64731504361705258f2b0f9023bd98
Last-Modified: Wed, 16 Mar 2016 20:29:25 GMT
ETag: "6d64731504361705258f2b0f9023bd98"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 4f2b51b0906eb4177f90fe010732e8a3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QhBT8ejONAUu5oxzvVXtzC0viSLxGRdBk0Rbq6yRdbxs9TTD7abawA==
存储桶是“示例资产”
存储桶策略是
{
"Version": "2008-10-17",
"Id": "http referer policy example",
"Statement": [
{
"Sid": "readonly policy",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-assets/*"
}
]
}
CORS 配置是
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Cloudfront 发行版已将“origin”添加到白名单中,并进行了相应的设置。我也尝试添加其他两个,但似乎没有任何区别。
我错过了什么?
答案1
我遇到了一个可能类似的问题。CORS 是一个问题,但仅限于 S3 存储桶中的某些文件。删除存在 CORS 问题的文件、再次同步并使 CloudFront 无效,这为我解决了这个问题。