Ale*_*lin 12 google-chrome amazon-s3 cross-domain chromium cors
我遇到了Chrome的一个问题,我似乎无法完全理解,我很好奇,如果这里的人们已经处理过它.这不会在Firefox中重现.步骤如下:
开启无痕浏览器,浏览到https://foo.mysite.com并有JS在页面上做一个GET Ajax请求S3的https://s3.amazonaws.com/mystuff/file.json.您回复200响应:
HTTP/1.1 200 OK
x-amz-id-2: somestuffhere
x-amz-request-id: somestuffhere
Date: Tue, 14 Oct 2014 03:06:41 GMT
Access-Control-Allow-Origin: https://foo.mysite.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Cache-Control: max-age=86400
Content-Encoding: gzip
Last-Modified: Sun, 05 Oct 2014 00:29:53 GMT
ETag: "fe76607baa40a793eb3b3cbd373a3fb8"
Accept-Ranges: bytes
Content-Type: application/json
Content-Length: 5609
Server: AmazonS3
打开第二个选项卡,导航到https://bar.mysite.com并让其JS向同一个文件https://s3.amazonaws.com/mystuff/file.json向S3发出GET ajax请求.取回以下304响应:
HTTP/1.1 304 Not Modified
x-amz-id-2: somestuffhere
x-amz-request-id: somestuffhere
Date: Tue, 14 Oct 2014 03:06:58 GMT
Access-Control-Allow-Origin: https://bar.mysite.com
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Cache-Control: max-age=86400
Last-Modified: Sun, 05 Oct 2014 00:29:53 GMT
ETag: "fe76607baa40a793eb3b3cbd373a3fb8"
Server: AmazonS3
打开第三个选项卡,导航到https://foo.mysite.com(第一个站点)并重复与1中相同的步骤.Chrome以CORS原因杀死响应并报告以下内容:
XMLHttpRequest cannot load https://s3.amazonaws.com/mystuff/file.json. The 'Access-Control-Allow-Origin' header has a value 'https://bar.mysite.com' that is not equal to the supplied origin. Origin 'https://foo.mysite.com' is therefore not allowed access.
这是什么故事?这不会在Firefox中重现.在Firefox中,我很高兴在第2步和第3步中得到304,我希望在Chrome中看到它.
针对此问题在Chrome中暂时的解决办法是设置缓存控制:无缓存在S3中的文件,但后来我迫使客户重新下载没有很好的理由,文件,所以它不是一个真正的解决办法.
这是有意和记录的行为吗?这是Chrome的错误吗?还有其他想法吗?
| 归档时间: |
|
| 查看次数: |
6339 次 |
| 最近记录: |