AWS S3 - CORS选项在DELETE w/VersionId期间预检投掷400错误请求

Question

AWS S3 - CORS选项在DELETE w/VersionId期间预检投掷400错误请求

Thi*_*Six 21 javascript xmlhttprequest amazon-s3 amazon-web-services cors

我正在使用对象的Key和删除标记的VersionID尝试删除标记的deleteObject请求.

由于CORS,浏览器(Chrome 34.0.1847.11)向以下网址发送OPTIONS预检请求:http://bucket.s3-us-west-2.amazonaws.com/Folder/File.ext？versionId = 0123456789

Amazon S3使用以下XML主体响应400(错误请求):

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>InvalidArgument</Code>
    <Message>This operation does not accept a version-id.</Message>
    <ArgumentValue>0123456789</ArgumentValue>
    <ArgumentName>versionId</ArgumentName>
    <RequestId>12345</RequestId>
    <HostId>1122334455</HostId>
</Error>

Run Code Online (Sandbox Code Playgroud)

因为XMLHttpRequest返回400(错误请求),所以DELETE请求永远不会被执行.我的印象是AWS没有正确处理选项请求.如果有解决方法,那就太棒了!

我当前的CORS策略是:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Run Code Online (Sandbox Code Playgroud)

仅供参考:我正在使用AWS SDK for JS 2.0.0-rc10

先感谢您.

编辑1:我尝试添加,<AllowedMethod>OPTIONS</AllowedMethod>但亚马逊返回Found unsupported HTTP method in CORS config. Unsupported method is OPTIONS

编辑2:

选项请求/响应标头:

Remote Address: *********:443
Request URL: https://bucket.s3-us-west-2.amazonaws.com/path/to/file_name?versionId=0123456789
Request Method: OPTIONS
Status Code: 400 Bad Request

Request Headers
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Request-Method: DELETE
Cache-Control: no-cache
Connection: keep-alive
DNT: 1
Host: bucket.s3-us-west-2.amazonaws.com
Origin: https://website.com
Pragma: no-cache
Referer: https://website.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.60 Safari/537.36
Query String Parameters
versionId: 0123456789

Response Headers
Access-Control-Allow-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Allow-Methods: HEAD, GET, PUT, POST, DELETE
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml
Date: Tue, 18 Mar 2014 23:59:15 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: *************************
x-amz-request-id: ***********

Run Code Online (Sandbox Code Playgroud)

由于OPTIONS失败,删除请求实际上不会发生.

Answer 1

tmo*_*ont 32

我刚遇到这个问题.它只发生在Chrome上.这太棒了.

解决方案是将以下内容添加到<CORSRule>AWS中的相关配置中:

<AllowedHeader>*</AllowedHeader>

Run Code Online (Sandbox Code Playgroud)

这使得Chrome不会发送OPTIONS请求,一切都应该正常运行.

已经有这个设置,但没有解决问题:( (11认同)
这没有帮助。我希望如此。 (5认同)
@tmont我真的怀疑S3存储桶上的CORS规则会让Chrome停止发送OPTIONS请求，因为Chrome首先不知道这个规则，而OPTIONS是预检方法——根据我对机制的理解，它必须始终执行。 (4认同)
作为评论,这个配置是通过转到你的s3存储桶,点击"属性","权限"和"编辑CORS配置"来设置的. (3认同)

归档时间：	11 年，8 月前
查看次数：	13838 次
最近记录：	6 年，7 月前