CORS header 使用 CloudFront 和 S3 进行缓存
CORS header caching with CoudFront and S3
我正在尝试通过 S3 设置 CloudFront,但我 运行 遇到了以下问题。
我请求跨域的图像和文本文件。有时对文件的请求是使用 XHR 进行的,有时是通过嵌入图像标签进行的。
我看到的问题是,如果通过 XHR 向资产发出请求,它包含“Origin”header,并且响应具有正确的“Access-Control-Allow-Origin” '.如果之后我请求相同的资产,不包括“Origin”header,它会正确响应,没有“Access-Control-Allow-Origin”header。 但是...如果我通过 XHR 发出另一个请求,包括对同一个 URL 的“Origin”header,它 returns错误的回答 WITHOUT 'Access-Control-Allow-Origin' 永远。
我已将 CloudFront 设置为白名单“Origin”header,并且未缓存 OPTIONS.
我的 S3 CORS 策略:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>60</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是一个 cURL 示例:
通过 XHR 发出请求
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin
X-Cache: Miss from cloudfront
Via: 1.1 8d45ffe3c8bfd31eef4b048ab3ea99b2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lY4reBVHrFq3MVgdFLx4LvbaOj8UnypXIHxBRvUN4TkkXzyHVmQcmQ==
Content-Length: 4
Connection: Keep-Alive
重复请求(注意缓存命中)
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Age: 6
Vary: Origin
X-Cache: Hit from cloudfront
Via: 1.1 90d8e168b0948a3eb36a451ebb27f4f9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cU-TCt-_5MsdLUrUqQk7_HLCUVyNEWOWW2ET19--Pc6j4M-8LkfsyQ==
Content-Length: 4
Connection: Keep-Alive
在没有 Origin 的情况下提出请求 header
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 0
不重复请求 Origin header
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 3
使用 Origin header 提出请求。注释丢失 Access-Control-Allow-Origin
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 9
与 Origin header 相同的请求。注意缺少 Access-Control-Allow-Origin 和 Cache-miss
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 14
正如@Michael 所怀疑的那样,这是由某处不良的中间缓存引起的。
通过 SSL 访问 CloudFront 阻止了问题的发生。
我正在尝试通过 S3 设置 CloudFront,但我 运行 遇到了以下问题。
我请求跨域的图像和文本文件。有时对文件的请求是使用 XHR 进行的,有时是通过嵌入图像标签进行的。
我看到的问题是,如果通过 XHR 向资产发出请求,它包含“Origin”header,并且响应具有正确的“Access-Control-Allow-Origin” '.如果之后我请求相同的资产,不包括“Origin”header,它会正确响应,没有“Access-Control-Allow-Origin”header。 但是...如果我通过 XHR 发出另一个请求,包括对同一个 URL 的“Origin”header,它 returns错误的回答 WITHOUT 'Access-Control-Allow-Origin' 永远。
我已将 CloudFront 设置为白名单“Origin”header,并且未缓存 OPTIONS.
我的 S3 CORS 策略:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>60</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
这是一个 cURL 示例:
通过 XHR 发出请求
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin
X-Cache: Miss from cloudfront
Via: 1.1 8d45ffe3c8bfd31eef4b048ab3ea99b2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: lY4reBVHrFq3MVgdFLx4LvbaOj8UnypXIHxBRvUN4TkkXzyHVmQcmQ==
Content-Length: 4
Connection: Keep-Alive
重复请求(注意缓存命中)
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:42:56 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 60
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
Age: 6
Vary: Origin
X-Cache: Hit from cloudfront
Via: 1.1 90d8e168b0948a3eb36a451ebb27f4f9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cU-TCt-_5MsdLUrUqQk7_HLCUVyNEWOWW2ET19--Pc6j4M-8LkfsyQ==
Content-Length: 4
Connection: Keep-Alive
在没有 Origin 的情况下提出请求 header
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 0
不重复请求 Origin header
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 3
使用 Origin header 提出请求。注释丢失 Access-Control-Allow-Origin
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 9
与 Origin header 相同的请求。注意缺少 Access-Control-Allow-Origin 和 Cache-miss
~$ curl 'http://xxxxxxxx.cloudfront.net/test/test_03.txt' -H 'Origin: http://www.cnn.com' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,en-NZ;q=0.4,zh-TW;q=0.2,zh;q=0.2,en-AU;q=0.2' -H 'User-Agent: Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53' -H 'Accept: */*' -H 'Referer: http://www.cnn.com/' -H 'Proxy-Connection: keep-alive' --compressed
HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sat, 22 Aug 2015 08:43:18 GMT
Last-Modified: Sat, 22 Aug 2015 08:41:08 GMT
ETag: "0cbc6611f5540bd0809a388dc95a615b"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 bd9375a232718e4567ed228bf8c06fc9.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 03bYSXai6AmwmPRHukm3g8Qv09qB-KdyYs5sXb5RLtPuPdYQHD35hA==
Content-Length: 4
Connection: Keep-Alive
Age: 14
正如@Michael 所怀疑的那样,这是由某处不良的中间缓存引起的。
通过 SSL 访问 CloudFront 阻止了问题的发生。