我有一个托管在 Heroku 上的 Rails 应用程序,它使用 CloudFront 以及托管在 S3 上的资产。
它完美地显示了资产(尽管需要一些努力)。
我的 Cloudfront 设置:
Forward Headers: Whitelist
Whitelist Headers: Origin
Forward Query Strings: No
S3 存储桶的 CORS 设置:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
调用图片(咖啡)的JS
@mousemove (e) ->
ctx = $("<canvas>").attr(
width: @width
height: @height
)[0].getContext("2d")
ctx.drawImage(this, 0, 0, @width, @height)
# This is because firefox doesn't support offset[X|Y]
if(e.offsetX == undefined)
xpos = e.pageX - $(this).offset().left;
ypos = e.pageY - $(this).offset().top;
else
xpos = e.offsetX;
ypos = e.offsetY;
e.rgb = ctx.getImageData(xpos, ypos, 1, 1).data
return f.call this, e
这个错误是:Uncaught SecurityError: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data.
卷曲请求:
curl -i -H "Origin: http://example.com/" http://randomness.cloudfront.net/franchisees/logos/000/000/006/icon/Screen_Shot_2014-08-06_at_15.21.14.png?1407334881
Response:
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 6888
Connection: keep-alive
Date: Wed, 06 Aug 2014 16:15:54 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Last-Modified: Wed, 06 Aug 2014 14:21:23 GMT
ETag: "6f266467cf0a570526869bcf280da412"
Accept-Ranges: bytes
Server: AmazonS3
Age: 21
Vary: Origin
X-Cache: Hit from cloudfront
Via: 1.1 16d4ae36524b457e558b982004526450.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 5Vm_eCn_lTOHEMzPEcmtCGYCUdOZ2r_9R4W6mEPTOPFUIJe0ilMP7g==
*snip*
这不是缓存问题,我每次都使用新鲜图像,尽管此请求位于缓存版本上。
我知道有解决方法,但我真的希望它能以这种方式工作。
我在这里缺少什么?