121*_*21c 4 google-chrome amazon-s3 cors mapbox
我正在使用 MapBox,并且希望向 AWS S3 存储桶中的地图添加一些图像。
我使用的 MapBox 函数是loadImage。loadImage 文档声明“外部域必须支持 CORS”。
我的 JS 代码类似于:
this.map.on('load', () => {
...
this.map.loadImage("https://my-test-bucket.s3-us-west-1.amazonaws.com/long-uuid-here.png", (error, image) => {
if (error) {
console.log(error)
throw error;
}
// The rest doesn't matter
...
当我的地图在 Chrome 中加载时,出现以下错误:
Access to fetch at 'https://my-test-bucket.s3-us-west-1.amazonaws.com/long-uuid-here.png' from origin 'https://localhost:7000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
我的 AWS S3 CORS 配置如下:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
使用curl -H "origin: localhost" -v "https://my-test-bucket.s3-us-west-1.amazonaws.com/long-uuid-here.png",我得到以下输出:
* Connected to my-test-bucket.s3-us-west-1.amazonaws.com (<IP HERE>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=Washington; L=Seattle; O=Amazon.com, Inc.; CN=*.s3-us-west-1.amazonaws.com
* start date: Jul 30 00:00:00 2020 GMT
* expire date: Aug 4 12:00:00 2021 GMT
* subjectAltName: host "my-test-bucket.s3-us-west-1.amazonaws.com" matched cert's "*.s3-us-west-1.amazonaws.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
* SSL certificate verify ok.
> GET /default.jpg HTTP/1.1
> Host: my-test-bucket.s3-us-west-1.amazonaws.com
> User-Agent: curl/7.64.1
> Accept: */*
> origin: localhost
>
< HTTP/1.1 200 OK
< x-amz-id-2: bLicG+33kfSamR29vMA3BnhmSV27Afooba6yU6hVOPt0mbckO5gefhXN8Ho7hgAEP58s4hKjCf0=
< x-amz-request-id: E760D53EDC5A9804
< Date: Wed, 04 Nov 2020 22:31:38 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, PUT, POST, DELETE
< Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
< Last-Modified: Tue, 11 Aug 2020 22:37:31 GMT
< ETag: "39eb0bbf2cc33ba02f53f8585004f820"
< Accept-Ranges: bytes
< Content-Type: image/jpeg
< Content-Length: 16579
< Server: AmazonS3
所以,看起来我已经Access-Control-Allow-Origin: *从 AWS S3 服务器返回了标头。
我在 Firefox 中没有收到任何 CORS 错误。
我的 AWS S3 CORS 配置有问题吗?为什么我在 Chrome v86.0.4240.80(官方版本)(x86_64) 中收到这些 CORS 错误?
注意:我的存储桶实际上并未命名为“my-test-bucket”。我已更改此问题的 URL/存储桶名称。另外,如果重要的话,我正在本地使用https://localhost(使用证书设置它,因为我需要使用仅通过 HTTPS 运行的 W3C 地理定位 API)
看来这是 Chrome 的缓存问题。我找到了这个问题的答案:来自 @nassan的最新 Chomium 和 Google Canary 上的 Amazon S3 的 CORS 问题,建议将其?cacheblock=true作为查询参数添加到 GET 请求中。
因此,将我的代码更改为:
this.map.loadImage(`${dealInfo.properties.logo}?cacheblock=true`, (error, image) => {
...
})
解决 Chrome 中发生的 CORS 错误。
看起来这就是问题所在:https://bugs.chromium.org/p/chromium/issues/detail ?id=409090 。
我还添加crossorigin="anonymous"到我的脚本标签中。
似乎这是一个 Chrome 缓存问题(标头缓存?)也解释了为什么我可以使用 看到预期的标头curl,但 Chrome 抱怨它们不存在。
| 归档时间: |
|
| 查看次数: |
2925 次 |
| 最近记录: |