本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 設定跨來源資源分享 (CORS)
跨來源資源分享 (CORS) 會定義一種方式,讓載入單一個網域的用戶端 Web 應用程式,能與不同網域中的資源互動。透過 CORS 支援,您可以使用 Amazon S3 建立功能豐富的用戶端 Web 應用程式,而且也可以選擇性地允許跨來源存取您的 Amazon S3 資源。
本節說明如何使用 Amazon S3 主控台、Amazon S3 REST API 和 AWS SDKs 啟用 CORS。若要設定儲存貯體允許跨來源要求,您可以將 CORS 組態新增至儲存貯體。CORS 組態是具有規則的文件,這些規則可識別允許存取儲存貯體的來源、每個來源支援的操作 (HTTP 方法),以及其他操作特定資訊。在 S3 主控台中,CORS 組態必須為 JSON 文件。
如需有關 JSON 和 XML 中的 CORS 組態範例,請參閱 [CORS 組態的元素](ManageCorsUsing.md)。
## 使用 S3 主控台
本節說明如何使用 Amazon S3 主控台將跨來源資源分享 (CORS) 組態新增至 S3 儲存貯體。
在儲存貯體上啟用 CORS 時,仍繼續適用存取控制清單 (ACL) 與其他存取許可政策。
**重要**
在 S3 主控台中,CORS 組態必須為 JSON 格式。如需有關 JSON 和 XML 中的 CORS 組態範例,請參閱[CORS 組態的元素](ManageCorsUsing.md)。
**將 CORS 組態新增至 S3 儲存貯體**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/) 開啟 Amazon S3 主控台。
1. 在左側導覽窗格中,選擇**一般用途儲存貯體**。
1. 在儲存貯體清單中,選擇要建立儲存貯體政策的儲存貯體名稱。
1. 選擇 **Permissions** (許可)。
1. 在 **Cross-origin resource sharing (CORS) (跨來源資源分享 (CORS))** 區段中,選擇 **Edit (編輯)**。
1. 在 **CORS configuration editor (CORS 組態編輯器)** 文字方塊中,輸入或複製並貼上新的 CORS 組態,或編輯現有組態。
CORS 組態是 JSON 檔案。您在編輯器中輸入的文字必須是有效的 JSON。如需詳細資訊,請參閱[CORS 組態的元素](ManageCorsUsing.md)。
1. 選擇 **Save changes** (儲存變更)。
**注意**
Amazon S3 會顯示 **CORS configuration editor (CORS 組態編輯器)** 標題旁儲存貯體的 Amazon Resource Name (ARN)。如需 ARNs 的詳細資訊,請參閱 中的 [Amazon Resource Name (ARNs) AWS 和服務命名空間](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)*Amazon Web Services 一般參考*。
## 使用 AWS SDKs
您可以使用 AWS SDK 來管理儲存貯體的跨來源資源共用 (CORS)。如需 CORS 的詳細資訊,請參閱「[使用跨來源資源分享 (CORS)](cors.md)」。
請參閱以下範例:
+ 為建立 CORS 組態和設定儲存貯體組態
+ 擷取組態與增加規則修改組態。
+ 將經過修改的組態設定加入到儲存貯體中。
+ 刪除組態
------
#### [ Java ]
**Example**
**Example**
如需如何建立和測試工作範例的說明,請參閱《 適用於 Java 的 AWS SDK 開發人員指南》中的[入門](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/getting-started.html)。
```
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.BucketCrossOriginConfiguration;
import com.amazonaws.services.s3.model.CORSRule;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class CORS {
public static void main(String[] args) throws IOException {
Regions clientRegion = Regions.DEFAULT_REGION;
String bucketName = "*** Bucket name ***";
// Create two CORS rules.
List rule1AM = new ArrayList();
rule1AM.add(CORSRule.AllowedMethods.PUT);
rule1AM.add(CORSRule.AllowedMethods.POST);
rule1AM.add(CORSRule.AllowedMethods.DELETE);
CORSRule rule1 = new CORSRule().withId("CORSRule1").withAllowedMethods(rule1AM)
.withAllowedOrigins(Arrays.asList("http://*.example.com"));
List rule2AM = new ArrayList();
rule2AM.add(CORSRule.AllowedMethods.GET);
CORSRule rule2 = new CORSRule().withId("CORSRule2").withAllowedMethods(rule2AM)
.withAllowedOrigins(Arrays.asList("*")).withMaxAgeSeconds(3000)
.withExposedHeaders(Arrays.asList("x-amz-server-side-encryption"));
List rules = new ArrayList();
rules.add(rule1);
rules.add(rule2);
// Add the rules to a new CORS configuration.
BucketCrossOriginConfiguration configuration = new BucketCrossOriginConfiguration();
configuration.setRules(rules);
try {
AmazonS3 s3Client = AmazonS3ClientBuilder.standard()
.withCredentials(new ProfileCredentialsProvider())
.withRegion(clientRegion)
.build();
// Add the configuration to the bucket.
s3Client.setBucketCrossOriginConfiguration(bucketName, configuration);
// Retrieve and display the configuration.
configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
printCORSConfiguration(configuration);
// Add another new rule.
List rule3AM = new ArrayList();
rule3AM.add(CORSRule.AllowedMethods.HEAD);
CORSRule rule3 = new CORSRule().withId("CORSRule3").withAllowedMethods(rule3AM)
.withAllowedOrigins(Arrays.asList("http://www.example.com"));
rules = configuration.getRules();
rules.add(rule3);
configuration.setRules(rules);
s3Client.setBucketCrossOriginConfiguration(bucketName, configuration);
// Verify that the new rule was added by checking the number of rules in the
// configuration.
configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
System.out.println("Expected # of rules = 3, found " + configuration.getRules().size());
// Delete the configuration.
s3Client.deleteBucketCrossOriginConfiguration(bucketName);
System.out.println("Removed CORS configuration.");
// Retrieve and display the configuration to verify that it was
// successfully deleted.
configuration = s3Client.getBucketCrossOriginConfiguration(bucketName);
printCORSConfiguration(configuration);
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
private static void printCORSConfiguration(BucketCrossOriginConfiguration configuration) {
if (configuration == null) {
System.out.println("Configuration is null.");
} else {
System.out.println("Configuration has " + configuration.getRules().size() + " rules\n");
for (CORSRule rule : configuration.getRules()) {
System.out.println("Rule ID: " + rule.getId());
System.out.println("MaxAgeSeconds: " + rule.getMaxAgeSeconds());
System.out.println("AllowedMethod: " + rule.getAllowedMethods());
System.out.println("AllowedOrigins: " + rule.getAllowedOrigins());
System.out.println("AllowedHeaders: " + rule.getAllowedHeaders());
System.out.println("ExposeHeader: " + rule.getExposedHeaders());
System.out.println();
}
}
}
}
```
------
#### [ .NET ]
**Example**
如需有關設定和執行程式碼範例的資訊,請參閱《[適用於 .NET 的 AWS SDK 開發人員指南》中的適用於 .NET 的 SDK 入門](https://docs.aws.amazon.com/sdk-for-net/latest/developer-guide/net-dg-setup.html)。 *AWS *
```
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
namespace Amazon.DocSamples.S3
{
class CORSTest
{
private const string bucketName = "*** bucket name ***";
// Specify your bucket region (an example region is shown).
private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USWest2;
private static IAmazonS3 s3Client;
public static void Main()
{
s3Client = new AmazonS3Client(bucketRegion);
CORSConfigTestAsync().Wait();
}
private static async Task CORSConfigTestAsync()
{
try
{
// Create a new configuration request and add two rules
CORSConfiguration configuration = new CORSConfiguration
{
Rules = new System.Collections.Generic.List
{
new CORSRule
{
Id = "CORSRule1",
AllowedMethods = new List {"PUT", "POST", "DELETE"},
AllowedOrigins = new List {"http://*.example.com"}
},
new CORSRule
{
Id = "CORSRule2",
AllowedMethods = new List {"GET"},
AllowedOrigins = new List {"*"},
MaxAgeSeconds = 3000,
ExposeHeaders = new List {"x-amz-server-side-encryption"}
}
}
};
// Add the configuration to the bucket.
await PutCORSConfigurationAsync(configuration);
// Retrieve an existing configuration.
configuration = await RetrieveCORSConfigurationAsync();
// Add a new rule.
configuration.Rules.Add(new CORSRule
{
Id = "CORSRule3",
AllowedMethods = new List { "HEAD" },
AllowedOrigins = new List { "http://www.example.com" }
});
// Add the configuration to the bucket.
await PutCORSConfigurationAsync(configuration);
// Verify that there are now three rules.
configuration = await RetrieveCORSConfigurationAsync();
Console.WriteLine();
Console.WriteLine("Expected # of rulest=3; found:{0}", configuration.Rules.Count);
Console.WriteLine();
Console.WriteLine("Pause before configuration delete. To continue, click Enter...");
Console.ReadKey();
// Delete the configuration.
await DeleteCORSConfigurationAsync();
// Retrieve a nonexistent configuration.
configuration = await RetrieveCORSConfigurationAsync();
}
catch (AmazonS3Exception e)
{
Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message);
}
catch (Exception e)
{
Console.WriteLine("Unknown encountered on server. Message:'{0}' when writing an object", e.Message);
}
}
static async Task PutCORSConfigurationAsync(CORSConfiguration configuration)
{
PutCORSConfigurationRequest request = new PutCORSConfigurationRequest
{
BucketName = bucketName,
Configuration = configuration
};
var response = await s3Client.PutCORSConfigurationAsync(request);
}
static async Task RetrieveCORSConfigurationAsync()
{
GetCORSConfigurationRequest request = new GetCORSConfigurationRequest
{
BucketName = bucketName
};
var response = await s3Client.GetCORSConfigurationAsync(request);
var configuration = response.Configuration;
PrintCORSRules(configuration);
return configuration;
}
static async Task DeleteCORSConfigurationAsync()
{
DeleteCORSConfigurationRequest request = new DeleteCORSConfigurationRequest
{
BucketName = bucketName
};
await s3Client.DeleteCORSConfigurationAsync(request);
}
static void PrintCORSRules(CORSConfiguration configuration)
{
Console.WriteLine();
if (configuration == null)
{
Console.WriteLine("\nConfiguration is null");
return;
}
Console.WriteLine("Configuration has {0} rules:", configuration.Rules.Count);
foreach (CORSRule rule in configuration.Rules)
{
Console.WriteLine("Rule ID: {0}", rule.Id);
Console.WriteLine("MaxAgeSeconds: {0}", rule.MaxAgeSeconds);
Console.WriteLine("AllowedMethod: {0}", string.Join(", ", rule.AllowedMethods.ToArray()));
Console.WriteLine("AllowedOrigins: {0}", string.Join(", ", rule.AllowedOrigins.ToArray()));
Console.WriteLine("AllowedHeaders: {0}", string.Join(", ", rule.AllowedHeaders.ToArray()));
Console.WriteLine("ExposeHeader: {0}", string.Join(", ", rule.ExposeHeaders.ToArray()));
}
}
}
}
```
------
## 使用 REST API
您可以使用 AWS 管理主控台,在儲存貯體上設定 CORS 組態。您也可以視應用程式之需要,直接傳送 REST 要求。*Amazon 簡易儲存服務 API 參考* 中的下列章節說明與 CORS 組態相關的 REST API 動作:
+ [PutBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTcors.html)
+ [GetBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETcors.html)
+ [DeleteBucketCors](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketDELETEcors.html)
+ [OPTIONS 物件](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html)