1. 技术文章
  2. Response from Cloudfront from S3 Origin keeps changing CORS Headers

Response from Cloudfront from S3 Origin keeps changing CORS Headers

*爱你&永不变心* 提交于 2019-12-11 08:53:55

问题


here is my problem : CORS are set as supposed to be on the S3 : 

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedMethod>GET</AllowedMethod>
 </CORSRule>
</CORSConfiguration>

when I try to fetch a file (using jQuery with option CrossDomain = true)

from A.example.com -> B.example.com/file.js (works with correct Headers) When I try the same request from another domain : C.dev.example.com -> B.example.com/file.js // (it fails)

However for the second example when I look at the network logs in chrome my first request OPTIONS:

it has the correct CORS response headers : 

access-control-allow-headers: access-control-allow-headers
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 3000
content-length: 0
date: Mon, 26 Mar 2018 14:38:36 GMT
server: AmazonS3
status: 200
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
via: 1.1 f19281f08e79aa6c6634266c50732dd5.cloudfront.net (CloudFront)
x-amz-cf-id: S2aMKSsJspB9p2RVxLMNh49iQ3Rc0Uims-EEIcjbxC42_OpqJpoUXQ==
x-cache: Miss from cloudfront

However the GET Request (right after the OPTIONS) : 

accept-ranges: bytes
content-length: 817
content-type: application/javascript
date: Mon, 26 Mar 2018 14:19:46 GMT
etag: "5b85d498318db8095a776fdcae57c624"
last-modified: Mon, 26 Mar 2018 14:19:20 GMT
server: AmazonS3
status: 200
via: 1.1 f19281f08e79aa6c6634266c50732dd5.cloudfront.net (CloudFront)
x-amz-cf-id: C0xswS08mXDHkagm3phQT59wjclwEX9ZZHXr57OpZVMHzkf432H7dg==
x-cache: RefreshHit from cloudfront

My TTL on the Cloudfront is 5 seconds (It has to be aggressive for my use case) I'm using the h2 protocol instead of the http/1.1


回答1:


My problem is due to a known issue related to the fact that CloudFront doesn't send the 'Vary: Origin' header in the response, hence the response is cached by the browser that triggers the errors.

more details here : https://forums.aws.amazon.com/thread.jspa?threadID=156134 and more details here too : https://serverfault.com/questions/856904/chrome-s3-cloudfront-no-access-control-allow-origin-header-on-initial-xhr-req/856948#856948



来源:https://stackoverflow.com/questions/49495021/response-from-cloudfront-from-s3-origin-keeps-changing-cors-headers

标签
amazon-s3
cors
amazon-cloudfront
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!