Zek*_*eke 10 canvas amazon-s3 cors
我在S3桶上设置了CORS,如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>
以下是AWS控制台的屏幕截图:https://dzwonsemrish7.cloudfront.net/items/341y0o1n1X2a0O1X2s38/Screen%20Shot%202012-10-09%20at%209.59.44%20PM.png?v=2478ad83
当我将彩色小偷 javascript 指向托管在同一域中的图像时,一切都按预期工作,但当我指向S3存储桶中的资产时,无论我是否从localhost运行我的脚本,lvh.me(指向到127.0.0.1),或从真正的互联网,我在Chrome 22中得到这样的错误:
Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
Uncaught Error: SECURITY_ERR: DOM Exception 18
这在Firefox 15中:
SecurityError: The operation is insecure.
以下是Google Chrome网络检查器中标题的外观:
Request URL:https://s3.amazonaws.com/assets-zeke.heroku.com/addons-zeke.heroku.com/catalogs/58/original.png
Request Method:GET
Status Code:304 Not Modified
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Host:s3.amazonaws.com
If-Modified-Since:Tue, 09 Oct 2012 22:52:57 GMT
If-None-Match:"6de1a52294934c5e288894b84100d99b"
Referer:http://localhost:5000/marketplace/addons/sendgrid/edit
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
Response Headers
HTTP/1.1 304 Not Modified
x-amz-id-2: qGvoGlvpKeSSzelanWsIPDF3zd5wQzHTr27NZoUbhNqAM1QzmKcWHnTqIkKVxF/m
x-amz-request-id: FD24FB8CA244E327
Date: Wed, 10 Oct 2012 05:20:53 GMT
Last-Modified: Tue, 09 Oct 2012 22:52:57 GMT
ETag: "6de1a52294934c5e288894b84100d99b"
Server: AmazonS3
这是我{bucket}.s3.amazonaws.com从我的桶名称更改URL结构(并删除了句点)之后的标题.
Request URL:http://assets-zeke.s3.amazonaws.com/addons-zeke.heroku.com/catalogs/58/original.png
Request Method:GET
Status Code:200 OK
Request Headers
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:assets-zeke.s3.amazonaws.com
Pragma:no-cache
Referer:http://lvh.me:5000/marketplace/addons/airbrake/edit
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
Response Headers
Accept-Ranges:bytes
Content-Length:6696
Content-Type:image/png
Date:Wed, 10 Oct 2012 17:56:17 GMT
ETag:"6de1a52294934c5e288894b84100d99b"
Last-Modified:Wed, 10 Oct 2012 17:50:38 GMT
Server:AmazonS3
x-amz-id-2:UGVKQ9VQbJ82DLDxR53uDP0ZUMgla+e0GU5vO9yLr6MsY8wijl9KnM7fOyDlT+ta
x-amz-request-id:8A16CF1E02A0106C
我不应该在Access-Control-Allow-Origin: *这里看到吗?304是否意味着亚马逊正在缓存响应?
请求网址:https://s3.amazonaws.com/assets-zeke.heroku.com/addons-zeke.heroku.com/catalogs/58/original.png
好吧,这是你的问题.由于CORS和其他跨域事物的工作方式,您需要使用DNS样式的寻址来访问您的存储桶.
假设您的原始网址是正确的(它看起来不像,但我可能完全错了),您需要使用此网址:
http://assets-zeke.heroku.com.s3.amazonaws.com/addons-zeke.heroku.com/catalogs/58/original.png
换一种说法:
http://{bucket}.s3.amazonaws.com/path/object.ext
请访问:http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html获取更多解释.