將跨來源資源分享 (CORS) 標頭新增至回應 - Amazon CloudFront

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

將跨來源資源分享 (CORS) 標頭新增至回應

如果回應尚未包含此標頭,下列範例函數會將 Access-Control-Allow-Origin HTTP 標頭新增至回應。此標頭是跨來源資源分享 (CORS) 的一部分。標頭的值 (*) 告訴 Web 瀏覽器允許來自任何來源的程式碼存取此資源。如需詳細資訊,請參閱 MDN Web Docs 網站上的 Access-Control-Allow-Origin

這是一個檢視者回應函數。

請參閱(詳見)的範例 GitHub

JavaScript runtime 2.0
async function handler(event)  {
    const request = event.request;
    const response  = event.response;
 
    // If Access-Control-Allow-Origin CORS header is missing, add it.
    // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation.
    if (!response.headers['access-control-allow-origin'] && request.headers['origin']) {
        response.headers['access-control-allow-origin'] = {value: request.headers['origin'].value};
        console.log("Access-Control-Allow-Origin was missing, adding it now.");
    }

    return response;
}
JavaScript runtime 1.0
function handler(event)  {
    var response  = event.response;
    var headers  = response.headers;

    // If Access-Control-Allow-Origin CORS header is missing, add it.
    // Since JavaScript doesn't allow for hyphens in variable names, we use the dict["key"] notation.
    if (!headers['access-control-allow-origin']) {
        headers['access-control-allow-origin'] = {value: "*"};
        console.log("Access-Control-Allow-Origin was missing, adding it now.");
    }

    return response;
}