CORS policy AWS S3

Question (votes: 0, answers: 1)

My front end (Angular framework) works fine on localhost, but when I launch it from S3, the API calls are all blocked by CORS policy errors.

Here is an example of the error:

Access to XMLHttpRequest at 'http://localhost:8080/v1/sendPasswordRecoveryEmail' from origin 'http://3db-frontend.s3-website.eu-central-1.amazonaws.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `local`.

Right now I have launched the front end on Amazon S3, and it connects to my localhost Spring server (for simplicity).

This is the CORS policy I wrote on S3:

[
    {
        "AllowedHeaders": [
            "x-amz-*",
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD",
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

I would like all requests made from my Angular environment to be authorized by AWS S3.

angular amazon-web-services amazon-s3 deployment cors
1 answer
0 votes

Since the problem was not AWS S3 but my server, I am writing down how I configured the CORS permissions:

@Bean
public WebMvcConfigurer corsConfigurer() {
    return new WebMvcConfigurer() {
        @Override
        public void addCorsMappings(CorsRegistry registry) {
            registry.addMapping("/**")
                    // Replace with the frontend's origin
                    .allowedOrigins(
                            "http://3db-frontend.s3-website.eu-central-1.amazonaws.com",
                            "https://cangy98.github.io",
                            "http://localhost:4200",
                            "http://localhost:8080")
                    .allowedMethods("GET", "POST", "PUT", "DELETE","PATCH")
                    .allowedHeaders("*")
                    .allowCredentials(true);
        }
    };
}

This is my security filter chain:

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    // Enable the CORS policy; it must be processed before Spring Security
    http
            .cors(withDefaults())
            .csrf(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(request -> request
                    .requestMatchers("/api/v1/auth/signin").permitAll()
                    .requestMatchers("/api/v1/auth/signup").permitAll()
                    .requestMatchers("/swagger-ui/**").permitAll()
                    .requestMatchers("/v3/api-docs").permitAll()
                    /*.requestMatchers("https://checkout.stripe.com/c/pay/**").permitAll()
                    .requestMatchers("/v1/create-checkout-session").permitAll()*/
                    .requestMatchers(HttpMethod.GET,"/v1/collection/**").permitAll()
                    .requestMatchers(HttpMethod.GET,"/v1/product/**").permitAll()
                    .requestMatchers(HttpMethod.GET,"/v1/jwt/**").permitAll()
                    .requestMatchers(HttpMethod.PUT,"/v1/autorizzazioni").permitAll()
                    .requestMatchers(HttpMethod.GET,"/v1/getWelcome").permitAll()
                    .requestMatchers(HttpMethod.PATCH,"/v1/verificationEmail/**").permitAll()
                    .requestMatchers(HttpMethod.GET,"/v1/verificationEmail/**").permitAll()
                    .requestMatchers(HttpMethod.POST,"/v1/sendPasswordRecoveryEmail/**").permitAll()
                    .requestMatchers(HttpMethod.PATCH,"/api/v1/auth/changePassword").permitAll()

                    .anyRequest().authenticated())
            .sessionManagement(manager -> manager.sessionCreationPolicy(STATELESS))
            .authenticationProvider(authenticationProvider()).addFilterBefore(
                    jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
    return http.build();
}
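
The check named in the error message and the origin allow-list from the configuration above, modelled together as an added example (not part of the original answer, and not Chrome's or Spring's code). The function names `addressSpace`, `isSecureContext` and `checkRequest` are hypothetical, hosts are classified without DNS, and private-network preflights are not modelled.

```javascript
// Simplified model (an assumption, not Chrome's or Spring's code) of two checks a
// browser applies before page script may read a cross-origin response.
const RANK = { public: 0, private: 1, local: 2 }; // names as in the error message

// Classify a host without DNS: only "localhost" and literal IPs are recognised.
function addressSpace(host) {
  const isV4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  if (host === 'localhost' || host === '[::1]' || (isV4 && host.startsWith('127.'))) return 'local';
  if (isV4 && /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(host)) return 'private';
  return 'public';
}

// Approximation of a secure context: HTTPS, or a page served from loopback.
function isSecureContext(page) {
  return page.protocol === 'https:' || addressSpace(page.hostname) === 'local';
}

// allowedOrigins stands for the list given to allowedOrigins(...) on the server.
function checkRequest(pageOrigin, targetUrl, allowedOrigins) {
  const page = new URL(pageOrigin);
  const target = new URL(targetUrl);
  const from = addressSpace(page.hostname);
  const to = addressSpace(target.hostname);
  // 1. Address-space check, made before any CORS response header is considered.
  if (RANK[to] > RANK[from] && !isSecureContext(page)) {
    return `blocked: not a secure context, resource in more-private address space ${to}`;
  }
  // 2. Same-origin requests need no CORS approval.
  if (page.origin === target.origin) return 'allowed: same origin';
  // 3. CORS allow-list: with credentials the server must name the exact origin.
  return allowedOrigins.includes(page.origin)
    ? 'allowed: origin is on the allow-list'
    : 'blocked: origin is not on the allow-list';
}

// Constructed inputs: origins and URL copied from this page, plus example.test.
const ALLOWED = [
  'http://3db-frontend.s3-website.eu-central-1.amazonaws.com',
  'https://cangy98.github.io',
  'http://localhost:4200',
  'http://localhost:8080',
];
const API = 'http://localhost:8080/v1/sendPasswordRecoveryEmail';
const S3_SITE = ALLOWED[0];
for (const origin of ['http://localhost:4200', S3_SITE, 'https://example.test']) {
  console.log(origin, '->', checkRequest(origin, API, ALLOWED));
}
```

In this model the S3 website origin is stopped at step 1 even though it is on the allow-list, while the same page served from `http://localhost:4200` reaches the allow-list check.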