sho*_*000 6 amazon-s3 cross-origin-resource-policy
I set up CORS on S3 following https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html. On my website I use CKEditor to upload images and send them to S3. The problem is that the POST works but the GET does not. It fails with:
Cross-Origin Resource Policy
To use this resource from a different origin, the server needs to specify a cross-origin resource policy in the response headers:
Cross-Origin-Resource-Policy: same-site  Choose this option if the resource and the document are served from the same site.
Cross-Origin-Resource-Policy: cross-origin  Only choose this option if an arbitrary website including this resource does not impose a security risk.
Response from the GET
Accept-Ranges: bytes
Content-Length: 90105
Content-Type: image/png
Date: Wed, 12 May 2021 16:44:33 GMT
ETag: "3524cdaa5d0975c249bb464033808244"
Last-Modified: Wed, 12 May 2021 16:44:33 GMT
Server: AmazonS3
...
x-amz-id-2: pNoskXKWXhpCbwArHgIN4kVD+oO8Pyq/3PIJAEcSJCo3hWMmHVspn2mIjfItCFAM+jUXtcN3pqY=
x-amz-request-id: 3BEE5J8RQPCXTQ93
I have the following set on the Apache server
Header set Content-Security-Policy "default-src 'self' *.s3.amazonaws.com *.uatdomainplus.com *.qadomainplus.com *.hci.com hci.com ; font-src *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com *.hcidomain.plus *.uatdomainplus.com *.qadomainplus.com ; img-src 'self' data: *.s3.amazonaws.com; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com cdn.datatables.net; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdn.datatables.net;"
Header always set X-Content-Type-Options nosniff
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always append X-Frame-Options SAMEORIGIN
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
### set only for webapps
Header add Access-Control-Allow-Origin "s3.amazonaws.com uatdomainplus.com qadomainplus.com hci.com typekit.net cdnjs.cloudflare.com fonts.gstatic.com hcidomain.plus uatdomainplus.com qadomainplus.com cdn.datatables.net"
Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS,PUT,PATCH,DELETE"
Header always set Access-Control-Max-Age "3600"
Header always set Access-Control-Allow-Headers "Content-Type,Authorization"
Header always set Cross-Origin-Embedder-Policy: require-corp
Header always set Cross-Origin-Opener-Policy: same-origin
Header always set Cross-Origin-Resource-Policy: cross-origin
| Archived: | |
| Views: | 552 |
| Last updated: | |
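The browser message quoted in the question is the Cross-Origin-Resource-Policy (CORP) check that a page opts into by sending Cross-Origin-Embedder-Policy: require-corp (the last lines of the Apache config above). The following is an added example, not code from the question or from AWS: a JavaScript model of that check as the Fetch standard describes it, run against the S3 GET response headers quoted above. The web-app origin and bucket hostname are constructed, and "same site" is approximated by the last two DNS labels instead of the Public Suffix List.

```javascript
// Added example (not part of the original question): a model of the browser's
// Cross-Origin-Resource-Policy check from the Fetch standard, applied to the
// S3 response headers quoted in the question. App origin and bucket name are
// constructed for illustration.

// Approximate "site" as scheme plus the last two host labels. Real browsers use
// the Public Suffix List (on which s3.amazonaws.com itself appears), so treat
// same-site results for shared hosting domains as approximate.
function site(origin) {
  const u = new URL(origin);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// Case-insensitive header lookup; returns the trimmed value or null.
function headerValue(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key].trim();
}

// Returns "allowed" or "blocked" for a subresource load (e.g. an <img>),
// following the Fetch standard's cross-origin resource policy check.
function corpCheck({ requestOrigin, resourceUrl, mode, embedderPolicy, responseHeaders }) {
  // Requests made with CORS (crossorigin attribute / fetch mode "cors") are
  // governed by the CORS check instead, so CORP does not apply.
  if (mode !== "no-cors") return "allowed";
  const resourceOrigin = new URL(resourceUrl).origin;
  if (requestOrigin === resourceOrigin) return "allowed";

  let policy = (headerValue(responseHeaders, "Cross-Origin-Resource-Policy") || "").toLowerCase();
  if (!["same-origin", "same-site", "cross-origin"].includes(policy)) {
    // Missing or invalid header: under require-corp the browser treats the
    // resource as same-origin only; under the default COEP nothing is enforced.
    policy = embedderPolicy === "require-corp" ? "same-origin" : null;
  }
  if (policy === null || policy === "cross-origin") return "allowed";
  if (policy === "same-origin") return "blocked";
  return site(requestOrigin) === site(resourceOrigin) ? "allowed" : "blocked"; // same-site
}

// CORS alternative: when the image is loaded with crossorigin="anonymous" the
// CORP check is skipped, but Access-Control-Allow-Origin must then equal the
// single requesting origin or "*". A space-separated list of hostnames, as in
// the Apache config in the question, never matches any origin.
function corsAllowsOrigin(requestOrigin, responseHeaders) {
  const acao = headerValue(responseHeaders, "Access-Control-Allow-Origin");
  return acao === "*" || acao === requestOrigin;
}

// The GET response headers quoted in the question: note there is no
// Cross-Origin-Resource-Policy header at all.
const s3Response = {
  "Accept-Ranges": "bytes",
  "Content-Length": "90105",
  "Content-Type": "image/png",
  "Server": "AmazonS3",
};

const app = "https://app.uatdomainplus.com"; // constructed web-app origin
const image = "https://example-bucket.s3.amazonaws.com/uploads/pic.png"; // constructed
const sameSiteImage = "https://static.uatdomainplus.com/pic.png"; // constructed

function scenarios() {
  const base = { requestOrigin: app, resourceUrl: image, mode: "no-cors", responseHeaders: s3Response };
  return {
    // The situation in the question: require-corp plus an S3 object without CORP.
    requireCorpNoHeader: corpCheck({ ...base, embedderPolicy: "require-corp" }),
    // Same object under the default embedder policy.
    defaultCoep: corpCheck({ ...base, embedderPolicy: "unsafe-none" }),
    // Same object if S3 sent the header the browser asks for.
    requireCorpWithHeader: corpCheck({
      ...base, embedderPolicy: "require-corp",
      responseHeaders: { ...s3Response, "Cross-Origin-Resource-Policy": "cross-origin" },
    }),
    // same-site only helps when the image host shares the app's site.
    sameSiteOtherSite: corpCheck({
      ...base, embedderPolicy: "require-corp",
      responseHeaders: { ...s3Response, "Cross-Origin-Resource-Policy": "same-site" },
    }),
    sameSiteOwnSite: corpCheck({
      ...base, embedderPolicy: "require-corp", resourceUrl: sameSiteImage,
      responseHeaders: { ...s3Response, "Cross-Origin-Resource-Policy": "same-site" },
    }),
    // Loading the image with CORS bypasses CORP but needs a valid ACAO.
    corsMode: corpCheck({ ...base, embedderPolicy: "require-corp", mode: "cors" }),
    acaoList: corsAllowsOrigin(app, { "Access-Control-Allow-Origin": "s3.amazonaws.com uatdomainplus.com" }),
    acaoExact: corsAllowsOrigin(app, { "Access-Control-Allow-Origin": app }),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(scenarios());
}
```

Run with `node corp-check.js`; the first scenario reproduces the blocked GET from the question, and the remaining rows show which header on the S3 response (or which request mode) the browser would accept under the same embedder policy.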