这是我的情景:
-
使用服务器生成按需发送到浏览器的预签名URL . 浏览器将文件上传到这些URL,然后将上传结果发送到服务器(以避免使这些文件穿过我们的负载 balancer 器等) . 我一直遇到307s和CORS失败
-
文件使用SSE-C加密并放在具有私有ACL的存储桶中 . 签名的网址是第一次剪切生成并与第二次一起使用
Server
const params = {
Bucket: bucket,
Key: objectKey,
Expires: expiration,
SSECustomerAlgorithm: 'AES256',
SSECustomerKey: ssecKey,
SSECustomerKeyMD5: ssecMD5,
Metadata: { filename, userId }
};
return S3Module.S3.getSignedUrl('putObject', params);
Client
// ...
uploadToS3(url, file, params) {
return new Promise((resolve, reject) => {
const customHeaders = {
'x-amz-meta-filename': params['x-amz-meta-filename'],
'x-amz-meta-userId': params['x-amz-meta-userId'],
'x-amz-server-side-encryption-customer-algorithm':
params['x-amz-server-side-encryption-customer-algorithm'],
'x-amz-server-side-encryption-customer-key': params['x-amz-server-side-encryption-customer-key'],
'x-amz-server-side-encryption-customer-key-MD5':
params['x-amz-server-side-encryption-customer-key-MD5'],
'x-amz-acl': 'private'
};
superagent
.put(url)
.withCredentials()
.set('Content-Type', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet')
.set(customHeaders)
.send(file)
.end((err, res) => {
if (err) {
return reject(err);
}
console.error(res, err);
resolve(res);
});
});
}
// ...
我一直从S3获得307,这当然不适用于CORS . 我做了一些阅读,有些人说这是与S3上的DNS同步相关的临时问题,但即使等待24小时也似乎没有通过 .
- CORS配置如下:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://localhost:3000</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
如果我替换us-west-2区域(获得 https://bucket-name.s3.amazonaws.com
),我会得到 403 forbidden response
. 如果我不这样做,我会得到一个307的https://bucket-name.s3.us-west-2.amazonaws.com . 浏览器(正确地)抱怨:
Access to XMLHttpRequest at 'MY URL' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
任何帮助将非常感谢 - 谢谢!