Configuring cross-origin resource sharing (CORS) - Amazon Simple Storage Service

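Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

This section shows you how to enable CORS using the Amazon S3 console, the Amazon S3 REST API, and the AWS SDKs. To configure your bucket to allow cross-origin requests, you add a CORS configuration to the bucket. A CORS configuration is a document with rules that identify the origins that are allowed to access your bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information. In the S3 console, the CORS configuration must be a JSON document.

For examples of CORS configurations in JSON and XML, see CORS configuration.

This section explains how to use the Amazon S3 console to add a cross-origin resource sharing (CORS) configuration to an S3 bucket.

When you enable CORS on the bucket, access control lists (ACLs) and other access permission policies continue to apply.

Important

In the new S3 console, the CORS configuration must be in JSON format. For examples of CORS configurations in JSON and XML, see CORS configuration.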

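To add a CORS configuration to an S3 bucket

  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. In the Buckets list, choose the name of the bucket that you want to create a bucket policy for.

  3. Choose Permissions.

  4. In the Cross-origin resource sharing (CORS) section, choose Edit.

  5. In the CORS configuration editor text box, type or copy and paste a new CORS configuration, or edit an existing configuration.

    The CORS configuration is a JSON file. The text that you type in the editor must be valid JSON. For more information, see CORS configuration.

  6. Choose Save changes.

    Note

    Amazon S3 displays the Amazon Resource Name (ARN) for the bucket next to the CORS configuration editor title. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the Amazon Web Services General Reference.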
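An added example, not part of the AWS documentation: a check to run on the JSON text before pasting it into the CORS configuration editor. It rejects text that is not valid JSON and flags permissive rules; the sample input is constructed from the two rules used in this page's SDK samples, and the function name and severity labels are this example's own assumptions.

```python
import json

VALID_METHODS = {"GET", "PUT", "POST", "DELETE", "HEAD"}
WRITE_METHODS = {"PUT", "POST", "DELETE"}

# Constructed sample: CORSRule1 and CORSRule2 from this page's SDK samples, as console JSON.
SAMPLE = """[
  {"ID": "CORSRule1", "AllowedMethods": ["PUT", "POST", "DELETE"],
   "AllowedOrigins": ["http://*.example.com"]},
  {"ID": "CORSRule2", "AllowedMethods": ["GET"], "AllowedOrigins": ["*"],
   "MaxAgeSeconds": 3000, "ExposeHeaders": ["x-amz-server-side-encryption"]}
]"""

def audit_cors(text):
    """Return (rule_id, severity, message) findings for a JSON CORS configuration."""
    try:
        rules = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("-", "error", f"not valid JSON: {exc.msg} at line {exc.lineno}")]
    if not isinstance(rules, list):
        return [("-", "error", "top level must be a JSON array of rules")]
    findings = []  # severities 'error', 'high', 'review' are this example's convention
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append((f"rule[{i}]", "error", "rule must be a JSON object"))
            continue
        rid = rule.get("ID", f"rule[{i}]")
        methods = rule.get("AllowedMethods") or []
        origins = rule.get("AllowedOrigins") or []
        if not methods or not origins:
            findings.append((rid, "error", "AllowedMethods and AllowedOrigins are required"))
        for m in sorted(set(methods) - VALID_METHODS):
            findings.append((rid, "error", f"unsupported method {m!r}"))
        for o in origins:
            if o.count("*") > 1:
                findings.append((rid, "error", f"more than one wildcard in {o!r}"))
            elif o == "*":  # every web origin matches this rule
                sev = "high" if WRITE_METHODS & set(methods) else "review"
                findings.append((rid, sev, "any origin may use " + ",".join(sorted(methods))))
            elif "*" in o:
                findings.append((rid, "review", f"wildcard origin {o!r}"))
            if o.startswith("http://"):
                findings.append((rid, "review", f"cleartext origin {o!r}"))
    return findings

if __name__ == "__main__":
    for finding in audit_cors(SAMPLE):
        print(*finding, sep=" | ")
```

CORS rules only tell browsers which origins may read responses; as stated above, ACLs and other access permission policies still decide whether a request is authorized.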

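You can use the AWS SDKs to manage cross-origin resource sharing (CORS) for a bucket. For more information about CORS, see "Using cross-origin resource sharing (CORS)".

See the following examples, which:

  • Create a CORS configuration and set the configuration on a bucket.

  • Retrieve the configuration and modify it by adding a rule.

  • Add the modified configuration to the bucket.

  • Delete the configuration.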

Java

For instructions on how to create and test a working sample, see "Testing the Amazon S3 Java Code Examples".

```java
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.BucketCrossOriginConfiguration;
import com.amazonaws.services.s3.model.CORSRule;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class CORS {

    public static void main(String[] args) throws IOException {
        Regions clientRegion = Regions.DEFAULT_REGION;
        String bucketName = "*** Bucket name ***";

        // Create two CORS rules.
        List<CORSRule.AllowedMethods> rule1AM = new ArrayList<CORSRule.AllowedMethods>();
        rule1AM.add(CORSRule.AllowedMethods.PUT);
        rule1AM.add(CORSRule.AllowedMethods.POST);
        rule1AM.add(CORSRule.AllowedMethods.DELETE);
        CORSRule rule1 = new CORSRule().withId("CORSRule1").withAllowedMethods(rule1AM)
                .withAllowedOrigins(Arrays.asList("http://*.example.com"));

        List<CORSRule.AllowedMethods> rule2AM = new ArrayList<CORSRule.AllowedMethods>();
        rule2AM.add(CORSRule.AllowedMethods.GET);
        CORSRule rule2 = new CORSRule().withId("CORSRule2").withAllowedMethods(rule2AM)
                .withAllowedOrigins(Arrays.asList("*")).withMaxAgeSeconds(3000)
                .withExposedHeaders(Arrays.asList("x-amz-server-side-encryption"));

        List<CORSRule> rules = new ArrayList<CORSRule>();
        rules.add(rule1);
        rules.add(rule2);

        // Add the rules to a new CORS configuration.
        BucketCrossOriginConfiguration configuration = new BucketCrossOriginConfiguration();
        configuration.setRules(rules);

        try {
            AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
                    .withCredentials(new ProfileCredentialsProvider())
                    .withRegion(clientRegion)
                    .build();

            // Add the configuration to the bucket.
            s3Client.setBucketCrossOriginConfiguration(bucketName, configuration);

            // Retrieve and display the configuration.
            configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
            printCORSConfiguration(configuration);

            // Add another new rule.
            List<CORSRule.AllowedMethods> rule3AM = new ArrayList<CORSRule.AllowedMethods>();
            rule3AM.add(CORSRule.AllowedMethods.HEAD);
            CORSRule rule3 = new CORSRule().withId("CORSRule3").withAllowedMethods(rule3AM)
                    .withAllowedOrigins(Arrays.asList("http://www.example.com"));

            rules = configuration.getRules();
            rules.add(rule3);
            configuration.setRules(rules);
            s3Client.setBucketCrossOriginConfiguration(bucketName, configuration);

            // Verify that the new rule was added by checking the number of rules in the configuration.
            configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
            System.out.println("Expected # of rules = 3, found " + configuration.getRules().size());

            // Delete the configuration.
            s3Client.deleteBucketCrossOriginConfiguration(bucketName);
            System.out.println("Removed CORS configuration.");

            // Retrieve and display the configuration to verify that it was
            // successfully deleted.
            configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
            printCORSConfiguration(configuration);
        } catch (AmazonServiceException e) {
            // The call was transmitted successfully, but Amazon S3 couldn't process
            // it, so it returned an error response.
            e.printStackTrace();
        } catch (SdkClientException e) {
            // Amazon S3 couldn't be contacted for a response, or the client
            // couldn't parse the response from Amazon S3.
            e.printStackTrace();
        }
    }

    private static void printCORSConfiguration(BucketCrossOriginConfiguration configuration) {
        if (configuration == null) {
            System.out.println("Configuration is null.");
        } else {
            System.out.println("Configuration has " + configuration.getRules().size() + " rules\n");

            for (CORSRule rule : configuration.getRules()) {
                System.out.println("Rule ID: " + rule.getId());
                System.out.println("MaxAgeSeconds: " + rule.getMaxAgeSeconds());
                System.out.println("AllowedMethod: " + rule.getAllowedMethods());
                System.out.println("AllowedOrigins: " + rule.getAllowedOrigins());
                System.out.println("AllowedHeaders: " + rule.getAllowedHeaders());
                System.out.println("ExposeHeader: " + rule.getExposedHeaders());
                System.out.println();
            }
        }
    }
}
```
.NET

For information about creating and testing a working sample, see "Running the Amazon S3 .NET Code Examples".

```csharp
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

namespace Amazon.DocSamples.S3
{
    class CORSTest
    {
        private const string bucketName = "*** bucket name ***";
        // Specify your bucket region (an example region is shown).
        private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
        private static IAmazonS3 s3Client;

        public static void Main()
        {
            s3Client = new AmazonS3Client(bucketRegion);
            CORSConfigTestAsync().Wait();
        }

        private static async Task CORSConfigTestAsync()
        {
            try
            {
                // Create a new configuration request and add two rules
                CORSConfiguration configuration = new CORSConfiguration
                {
                    Rules = new System.Collections.Generic.List<CORSRule>
                    {
                        new CORSRule
                        {
                            Id = "CORSRule1",
                            AllowedMethods = new List<string> {"PUT", "POST", "DELETE"},
                            AllowedOrigins = new List<string> {"http://*.example.com"}
                        },
                        new CORSRule
                        {
                            Id = "CORSRule2",
                            AllowedMethods = new List<string> {"GET"},
                            AllowedOrigins = new List<string> {"*"},
                            MaxAgeSeconds = 3000,
                            ExposeHeaders = new List<string> {"x-amz-server-side-encryption"}
                        }
                    }
                };

                // Add the configuration to the bucket.
                await PutCORSConfigurationAsync(configuration);

                // Retrieve an existing configuration.
                configuration = await RetrieveCORSConfigurationAsync();

                // Add a new rule.
                configuration.Rules.Add(new CORSRule
                {
                    Id = "CORSRule3",
                    AllowedMethods = new List<string> { "HEAD" },
                    AllowedOrigins = new List<string> { "http://www.example.com" }
                });

                // Add the configuration to the bucket.
                await PutCORSConfigurationAsync(configuration);

                // Verify that there are now three rules.
                configuration = await RetrieveCORSConfigurationAsync();
                Console.WriteLine();
                Console.WriteLine("Expected # of rules=3; found:{0}", configuration.Rules.Count);
                Console.WriteLine();
                Console.WriteLine("Pause before configuration delete. To continue, click Enter...");
                Console.ReadKey();

                // Delete the configuration.
                await DeleteCORSConfigurationAsync();

                // Retrieve a nonexistent configuration.
                configuration = await RetrieveCORSConfigurationAsync();
            }
            catch (AmazonS3Exception e)
            {
                Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message);
            }
            catch (Exception e)
            {
                Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
            }
        }

        static async Task PutCORSConfigurationAsync(CORSConfiguration configuration)
        {
            PutCORSConfigurationRequest request = new PutCORSConfigurationRequest
            {
                BucketName = bucketName,
                Configuration = configuration
            };

            var response = await s3Client.PutCORSConfigurationAsync(request);
        }

        static async Task<CORSConfiguration> RetrieveCORSConfigurationAsync()
        {
            GetCORSConfigurationRequest request = new GetCORSConfigurationRequest
            {
                BucketName = bucketName
            };
            var response = await s3Client.GetCORSConfigurationAsync(request);
            var configuration = response.Configuration;
            PrintCORSRules(configuration);
            return configuration;
        }

        static async Task DeleteCORSConfigurationAsync()
        {
            DeleteCORSConfigurationRequest request = new DeleteCORSConfigurationRequest
            {
                BucketName = bucketName
            };
            await s3Client.DeleteCORSConfigurationAsync(request);
        }

        static void PrintCORSRules(CORSConfiguration configuration)
        {
            Console.WriteLine();

            if (configuration == null)
            {
                Console.WriteLine("\nConfiguration is null");
                return;
            }

            Console.WriteLine("Configuration has {0} rules:", configuration.Rules.Count);
            foreach (CORSRule rule in configuration.Rules)
            {
                Console.WriteLine("Rule ID: {0}", rule.Id);
                Console.WriteLine("MaxAgeSeconds: {0}", rule.MaxAgeSeconds);
                Console.WriteLine("AllowedMethod: {0}", string.Join(", ", rule.AllowedMethods.ToArray()));
                Console.WriteLine("AllowedOrigins: {0}", string.Join(", ", rule.AllowedOrigins.ToArray()));
                Console.WriteLine("AllowedHeaders: {0}", string.Join(", ", rule.AllowedHeaders.ToArray()));
                Console.WriteLine("ExposeHeader: {0}", string.Join(", ", rule.ExposeHeaders.ToArray()));
            }
        }
    }
}
```

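You can use the AWS Management Console to set a CORS configuration on your bucket. You can also send REST requests directly if your application requires it. The following sections in the Amazon Simple Storage Service API Reference describe the REST API actions related to the CORS configuration: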