Опитвам се да настроя CloudFront през S3 и се натъкнах на следния проблем.
Искам изображения и текстови файлове в различни домейни. Понякога заявките към файловете се правят с помощта на XHR, а понякога чрез вграждане на тагове за изображения.
Проблемът, който виждам, е, че ако се направи заявка към актив чрез XHR, тя включва заглавката „Origin
“, а отговорът има правилното „Access-Control-Allow-Origin
“. И ако поискам същия актив след това, без да включвам заглавката „Origin
“, той отговаря правилно без заглавка „Access-Control-Allow-Origin
“. НО... ако направя друга заявка чрез XHR, включително заглавката „Origin
“ към същия URL адрес, тя връща неправилен отговор БЕЗ „Access-Control-Allow-Origin
“ завинаги.
Имам настройка на CloudFront със заглавки „Origin
“ в белия списък и не кеширам OPTIONS
.
Моята S3 CORS политика:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>60</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
И ето пример за cURL:
Направете заявка чрез XHR
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin
X-Cache: Miss from cloudfront
Via: 1.1 8d45ffe3c8bfd31eef4b048ab3ea99b2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lY4reBVHrFq3MVgdFLx4LvbaOj8UnypXIHxBRvUN4TkkXzyHVmQcmQ==
Content-Length: 4
Connection: Keep-Alive
Повторете заявката (обърнете внимание на попадението в кеша)
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Age: 6
Vary: Origin
X-Cache: Hit from cloudfront
Via: 1.1 90d8e168b0948a3eb36a451ebb27f4f9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cU-TCt-_5MsdLUrUqQk7_HLCUVyNEWOWW2ET19--Pc6j4M-8LkfsyQ==
Content-Length: 4
Connection: Keep-Alive
Направете заявка БЕЗ заглавка Origin
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 0
Повторете заявката БЕЗ Origin
заглавка
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 3
Направете заявка С Origin
заглавка. Липсва бележка Access-Control-Allow-Origin
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 9
Същата заявка С Origin
заглавка. Забележете, че липсват Access-Control-Allow-Origin
и Cache-miss
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 14
X-Cache: Miss from cloudfront
(Cloudfront не е имал копие на заявения обект в кеша) ... иAge: 14
(Това копие на искания обект се намира в кеша за 14 секунди.) Подозирам маймунска работа от страна на вашата мрежа или интернет доставчик. Сякаш между вас и Cloudfront има вграден (най-вече) прозрачен кеш. - person Michael - sqlbot   schedule 23.08.2015X-Amz-Cf-Id
в множество различни отговори. Ако не сте променили нито една от тези заглавки, тук има нещо много сериозно нередно и съм склонен да не мисля, че е Cloudfront или S3. Вижте дали можете да дублирате това с HTTPS, тъй като е по-малко податливо на подобно подправяне. - person Michael - sqlbot   schedule 23.08.2015