CORS configuration permits cross-domain requests. It is not a method for restricting access to files.
By default, browsers will not allow cross-domain requests. For example, the browser will not allow a page served from example1.com to access content from example2.com. This is done to protect your personal information, for example from people trying to open iframes to Facebook to access your personal Facebook content.
If, however, example2.com is willing to permit this cross-domain request, then it can add a Cross-Origin Resource Sharing (CORS) policy that says that example1.com is permitted to access the content in a cross-domain manner. The web browser will then permit the access.
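Bottom line: it is your web browser that controls CORS. The CORS policy merely tells the web browser to permit it.
See: Cross-Origin Resource Sharing (CORS)
Restricting by Referrer
However, your particular requirement appears to be that you are willing to serve content from Amazon S3, but only if that content appears on a particular web page. For example, only show images from images.example.com when they are requested by a page served from example.com. You can do this by specifying a Referrer in the Amazon S3 bucket policy.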
{
  "Version": "2012-10-17",
  "Id": "http referer policy example",
  "Statement": [
    {
      "Sid": "Allow get requests originating from www.example.com and example.com.",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::examplebucket/*",
      "Condition": {
        "StringLike": {"aws:Referer": ["http://www.example.com/*", "http://example.com/*"]}
      }
    }
  ]
}
It is relatively easy to fake the Referrer, but this should generally give you what you need.
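
An added example, not part of the original answer: a simplified model of how the `StringLike` condition on `aws:Referer` in the policy above is matched against the request's Referer header. The matcher, the function names and the sample requests are constructed for illustration and are not S3's own code; it assumes no other Allow statement applies to the bucket.

```python
import re

# Patterns copied from the bucket policy on this page.
REFERER_PATTERNS = ["http://www.example.com/*", "http://example.com/*"]


def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike: case-sensitive, '*' = any run of characters, '?' = one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def allowed_by_policy(headers: dict) -> bool:
    """The Allow statement applies only if the Referer header matches a pattern.

    A missing condition key makes StringLike false, so a request without a
    Referer is not allowed by this statement (implicit deny).
    """
    referer = headers.get("Referer")
    if referer is None:
        return False
    return any(string_like(p, referer) for p in REFERER_PATTERNS)


# Constructed sample requests (hypothetical hosts), not captured traffic.
SAMPLES = {
    "page on example.com": {"Referer": "http://example.com/gallery.html"},
    "page on www.example.com": {"Referer": "http://www.example.com/"},
    "same site over https": {"Referer": "https://example.com/gallery.html"},
    "other site embedding the image": {"Referer": "http://other.example.net/page"},
    "look-alike host": {"Referer": "http://example.com.other.example.net/"},
    "Referer stripped (Referrer-Policy: no-referrer)": {},
    # The header is supplied by the client; the policy only sees its value.
    "non-browser client sending its own Referer": {"Referer": "http://example.com/"},
}


def evaluate_samples() -> dict:
    return {name: allowed_by_policy(h) for name, h in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print("ALLOW" if ok else "DENY ", name)
```

The results show two practical caveats: the policy as written lists only `http://` patterns, so pages served over `https://` or with the Referer suppressed are denied, and the check is hotlink protection rather than access control. Content that must stay private needs a real authorization mechanism instead, such as pre-signed URLs.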