
ruby on rails - Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response

Problem description:

I understand that this question has been enumerated on here: Amazon S3 CORS (Cross-Origin Resource Sharing) and Firefox cross-domain font loading

I've also read through countless documentation from Amazon and CloudFront and practically every SO post about this error. Likely, I'm missing one depressing detail.

My S3 by itself works fine. If I filter through my CDN CloudFront, then my request returns:

XMLHttpRequest cannot load -- Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.

When I curl my bucket, the responses are:

    > curl -I -H "Origin: https://subdomain.mywebsite.com" http://my_bucket.s3.amazonaws.com/quizzes/74/story.html?AWSAccessKeyId=AKIAIFSDFYEMNTQ%26Expires=1452124428%26Signature=MFXEAkrmPSSDxmKkomk4c71XaMCMEs%3D%26endpoint=https%3A%2F%2Fsubdomain.mywebsite.com%2Fquizzes%2F%26member_id=11270%26quiz_id=12787
    HTTP/1.1 200 OK
    x-amz-id-2: iurSjdcxVZy52sk+rADAMlNbGql3uw2KecZDDjh4WsXxpZgBXZyyWSBerZT9DZrFmHJVloQFsg8=
    x-amz-request-id: AE0BEAFE51F3F358
    Date: Wed, 06 Jan 2016 21:59:23 GMT
    Access-Control-Allow-Origin: https://subdomain.mywebsite.com
    Access-Control-Allow-Methods: HEAD, POST, PUT, DELETE
    Access-Control-Allow-Credentials: true
    Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    Last-Modified: Sat, 22 Aug 2015 14:31:06 GMT
    ETag: "429df932eeaf13bb7985d6b8f204a82f"
    Accept-Ranges: bytes
    Content-Type: text/html
    Content-Length: 4331
    Server: AmazonS3

When I curl my CDN, CloudFront -- the responses are:

    ॐ > curl -I -H "Origin: https://subdomain.mywebsite.com" https://dxyszkffffxlx.cloudfront.net/quizzes/74/story.html?AWSAccessKeyId=AKIAIVSDFSDFMNTQ%26Expires=1452124428%26Signature=MFXEAkrmSDFFc71XaMCMEs%3D%26endpoint=https%3A%2F%2Fsubdomain.mywebsite.com%2Fquizzes%2F%26member_id=11270%26quiz_id=12787
    HTTP/1.1 200 OK
    Content-Type: text/html
    Content-Length: 4331
    Connection: keep-alive
    Date: Wed, 06 Jan 2016 22:20:49 GMT
    Access-Control-Allow-Origin: https://subdomain.mywebsite.com
    Access-Control-Allow-Methods: HEAD, POST, PUT, DELETE
    Access-Control-Allow-Credentials: true
    Last-Modified: Sat, 22 Aug 2015 14:31:06 GMT
    ETag: "429df932eeaf13bb7985d6b8f204a82f"
    Accept-Ranges: bytes
    Server: AmazonS3
    Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
    X-Cache: Miss from cloudfront
    Via: 1.1 691e17f7f05f0a15dffffffe895c.cloudfront.net (CloudFront)
    X-Amz-Cf-Id: JFbiPxbpy-tk75u56ALfffffFlnMMrOqhvdJWbHU5z0PCXYXpEzg==

My CORS configuration:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <ID>production</ID>
        <AllowedOrigin>https://*.mywebsite.com</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>Content-*</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

Does anyone know what I might be missing here? I tried quite a few different AllowedHeader options including just *, but all proved fruitless.

I also made sure that CloudFront's behavior is whitelisting the 3 available headers "Origin", "headers", and "methods". I also have it forwarding query strings.

I've also made sure to Invalidate my testing directory every time I make a change.


Updated

This is the error exactly:

    XMLHttpRequest cannot load
    https://subdomain.mywebsite.com/quizzes/statements/?method=PUT.
    Request header field Content-Type is not allowed by
    Access-Control-Allow-Headers in preflight response.

Here I am imitating the exact call:

    curl -H "Access-Control-Allow-Headers:x-requested-with" \
      -H "Origin: https://xhe4ht8dk5.cloudfront.net" \
      -H "Access-Control-Allow-Methods:GET" \
      -H "Access-Control-Allow-Origin:*" \
      -H "Access-Control-Request-Headers:content-type" \
      -H "Access-Control-Max-Age:3628800" \
      -I -X OPTIONS --verbose \
      https://subdomain.mywebsite.com/quizzes/activities/state?method=GET

Which returns:

    > https://subdomain.mywebsite.com/quizzes/activities/state?method=GET
    * Trying 107.21.92.91...
    * Connected to subdomain.mywebsite.com (66.24.92.91) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    * Server certificate: *.mywebsite.com
    * Server certificate: Go Daddy Secure Certificate Authority - G2
    * Server certificate: Go Daddy Root Certificate Authority - G2
    > OPTIONS /quizzes/activities/state?method=GET HTTP/1.1
    > Host: mysubdomain.mywebsite.com
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Access-Control-Allow-Headers:x-requested-with
    > Origin: https://xhe4ht8dk5.cloudfront.net
    > Access-Control-Allow-Methods:GET
    > Access-Control-Allow-Origin:*
    > Access-Control-Request-Headers:content-type
    > Access-Control-Max-Age:3628800
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Thu, 07 Jan 2016 23:37:37 GMT
    Date: Thu, 07 Jan 2016 23:37:37 GMT
    < Connection: close
    Connection: close
    < Access-Control-Allow-Origin: *
    Access-Control-Allow-Origin: *
    < Access-Control-Allow-Methods: GET
    Access-Control-Allow-Methods: GET
    < Access-Control-Allow-Headers: x-requested-with
    Access-Control-Allow-Headers: x-requested-with
    < Access-Control-Max-Age: 3628800
    Access-Control-Max-Age: 3628800
    < Server: thin
    Server: thin
    < Via: 1.1 vegur
    Via: 1.1 vegur
    <
    * Closing connection 0
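
The browser-side check behind the error message above, as an added example that is not part of the original question: a simplified model of how a preflight response is evaluated against the request the page wants to send. The response headers are copied from the OPTIONS output in the question; `checkPreflight`, `questionPreflight` and `plannedRequest` are hypothetical names, and the caller is assumed to supply the non-safelisted header names the real request carries.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
const list = v => (v || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
const SAFELISTED_METHODS = ['get', 'head', 'post']; // never need to be listed

// request.headers: the non-safelisted header names the real request will carry
// (assumption: the caller has already worked out which ones those are).
function checkPreflight(response, request) {
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  const creds = request.credentials === true;
  const problems = [];

  if (response.status < 200 || response.status > 299)
    problems.push(`preflight status ${response.status} is not 2xx`);

  // "*" is only accepted as an origin when no credentials are sent.
  const origin = h['access-control-allow-origin'];
  if (origin === '*' ? creds : origin !== request.origin)
    problems.push(`origin ${request.origin} is not allowed`);
  if (creds && h['access-control-allow-credentials'] !== 'true')
    problems.push('credentials are not allowed');

  // Method names are compared case-insensitively here, a simplification.
  const methods = list(h['access-control-allow-methods']);
  const method = request.method.toLowerCase();
  if (!SAFELISTED_METHODS.includes(method) && !methods.includes(method) &&
      (creds || !methods.includes('*')))
    problems.push(`method ${request.method} is not allowed`);

  // "*" only counts without credentials, and never covers Authorization.
  const allowed = list(h['access-control-allow-headers']);
  for (const name of request.headers.map(n => n.toLowerCase())) {
    const wildcard = !creds && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcard)
      problems.push(`request header ${name} is not allowed by Access-Control-Allow-Headers`);
  }
  return { ok: problems.length === 0, problems };
}

// Response headers copied from the OPTIONS output in the question.
const questionPreflight = { status: 200, headers: {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET',
  'Access-Control-Allow-Headers': 'x-requested-with',
  'Access-Control-Max-Age': '3628800',
} };
const plannedRequest = { origin: 'https://xhe4ht8dk5.cloudfront.net', method: 'GET',
                         headers: ['Content-Type'], credentials: false };
console.log(checkPreflight(questionPreflight, plannedRequest));
```
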
