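Front-end developers who serve COS content through CDN frequently run into cross-origin access issues in their applications. Both Tencent Cloud COS and CDN let you configure CORS response headers yourself, but the two behave somewhat differently. This article walks through common access failures and how to verify them.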
For COS, configure CORS in the console at https://console.cloud.tencent.com/cos5
For CDN, configure the response headers in the console at https://console.cloud.tencent.com/cdn/domains
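Here the Access-Control-Allow-Origin values for COS and CDN are deliberately set to different values, so that the two can be told apart during testing.
Under some conditions a cross-origin request is sent as a simple request with no preflight check, so we test the OPTIONS preflight and the actual cross-origin request separately, using curl to simulate the browser's behavior.
For the details of how CORS works, see: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS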
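Normal scenario 1: to simulate a normal cross-origin request, we test the OPTIONS and GET requests as follows.
There are also scenarios where a configuration problem causes errors.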
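Scenario 2: the CORS Origin configured on COS is https://cos.com, but the Origin request header actually sent is http://cos.com or https://www.cos.com.
In this case the Origin does not match, or the Access-Control-Request-Method does not match. Both are validated by exact match, so the response returns a 403 status code and validation fails.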
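Scenario 3: when COS is used together with CDN, also watch for the case where the Access-Control-Allow-Origin configured on CDN does not match the source Origin configured on COS.
For example, CDN is configured with https://cdn.com
and COS is configured with https://cos.com
In this case CDN sends every OPTIONS request back to the origin for validation, so the request must carry the Origin configured on the origin server to pass validation, even when the resource is already cached on CDN.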
Scenario 4: the abnormal case for GET requests. When the request Origin is wrong, the server returns 200 but does not output the CORS response headers. For example:
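Scenario 5: there is one more case to watch for. The response headers differ slightly between the COS V4 and V5 domains. For example, when the COS CORS origin is configured as * and the request carries a specific domain, the response returned is
V5 domain specification: https://cloud.tencent.com/document/product/436/6224
V4 domain specification: https://cloud.tencent.com/document/product/436/7777
The main difference is the content of the Access-Control-Allow-Origin response header: V4 responds with the specific domain from the request, while V5 responds with the configured *. There are plans for V4 to move toward the V5 specification. For now, if you are still using a V4 domain, it is recommended that you manually upgrade to a V5 domain as soon as possible (change the CDN origin and the address your application requests).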
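Scenario 6: the CORS response headers configured on CDN and COS differ, CDN's "cache all origin response headers" switch is also turned on, and a GET request is sent.
On the first request, which goes back to the origin, the origin responds with the COS CORS header https://cos.com, and the resource is cached.
On the second request, which is served from the cache, CDN processes the cached COS content and changes Access-Control-Allow-Origin to the CDN response header: https://cdn.com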
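
The pass/fail conditions in scenarios 2 to 6 can be checked mechanically. The following is an added example, not part of the original article: a shell function that reads response headers captured with curl and reports how a browser's CORS check would treat them for a given page Origin. The verdict names and `sample_*` functions are hypothetical, and the sample headers are constructed, trimmed from the kinds of responses these scenarios describe.

```shell
#!/bin/sh
# cors_verdict ORIGIN: classify response headers read from stdin the way a
# browser's CORS check would for a page served from ORIGIN. Capture input with:
#   curl -sS -D - -o /dev/null -H "Origin: $ORIGIN" "$URL"
cors_verdict() {
  awk -v origin="$1" '
    { sub(/\r$/, "") }                        # curl -D keeps CRLF line endings
    NR == 1 { status = $2; next }             # status line: HTTP/1.1 200 OK
    {
      name = tolower($0); sub(/:.*/, "", name)
      value = $0; sub(/^[^:]*:[ \t]*/, "", value)
      if (name == "access-control-allow-origin") { acao = value; seen++ }
    }
    END {
      if (status == "403")     print "blocked-403"        # scenarios 2 and 3
      else if (seen == 0)      print "blocked-missing"    # scenario 4
      else if (seen > 1)       print "blocked-duplicate"  # two Allow-Origin headers
      else if (acao == origin) print "allowed-exact"
      else if (acao == "*")    print "allowed-wildcard"   # scenario 5, V5 domain
      else                     print "blocked-mismatch"   # scenario 6, other origin
    }'
}

# Constructed samples (assumptions for illustration, not captured traffic).
sample_cdn_hit() {        # cache hit: Allow-Origin carries the CDN-configured value
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: https://cdn.com\r\n\r\n'
}
sample_get_no_cors() {    # GET with an unmatched Origin: 200 but no CORS headers
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 6\r\n\r\n'
}
sample_preflight_403() {  # OPTIONS that matched no CORS rule
  printf 'HTTP/1.1 403 Forbidden\r\nContent-Type: application/xml\r\n\r\n'
}

# A page on https://cos.com reading the cached CDN copy is refused by the browser.
sample_cdn_hit | cors_verdict 'https://cos.com'
```

`allowed-wildcard` applies to requests sent without credentials; browsers do not accept `*` for credentialed requests.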
Below is a side-by-side comparison of the tests above.
Scenario | COS V4 | COS V5 | CDN |
---|---|---|---|
[Normal] OPTIONS | curl 'http://wainsungz-1253985742.cosgz.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: https://cos.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cosgz.myzijiebao.com > Accept: */* > Origin: https://cos.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 200 OK < Access-Control-Allow-Credentials: true < Access-Control-Allow-Headers: x-cos, content-type < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < Content-Type: text/octet < Content-Length: 0 | curl 'http://wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: https://cos.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com > Accept: */* > Origin: https://cos.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 200 OK < Content-Length: 0 < Connection: keep-alive < Access-Control-Allow-Credentials: true < Access-Control-Allow-Headers: x-cos, content-type < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < Date: Fri, 11 Sep 2020 07:31:39 GMT < Server: tencent-cos < x-cos-request-id: NWY1YjI3ZGJfYTYxYzBiMDlfMjI5MF85OWZhY2E= | curl 'http://wainsungz-1253985742.file.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: https://cos.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.file.myzijiebao.com > Accept: */* > Origin: https://cos.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 200 OK < Server: tencent-cos < Connection: keep-alive < Date: Fri, 11 Sep 2020 07:32:21 GMT < Content-Type: text/plain < Content-Length: 0 < X-NWS-UUID-VERIFY: 3dfe1200a69b0f32ca54ec1b4ab2081a < Access-Control-Allow-Credentials: true < Access-Control-Allow-Headers: x-cos, content-type < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < x-cos-request-id: NWY1YjI4MDVfNjBhYTk0MGFfOWE0Zl9hODNkYjM= < X-NWS-LOG-UUID: 10243513050136528135 e203ba9a7c37ee35dbccfda79d855937 < X-Daa-Tunnel: hop_count=2 |
[Normal] GET | curl 'http://wainsungz-1253985742.cosgz.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cosgz.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Server: TencentCOS < x-cos-storage-class: STANDARD < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU < x-cos-hash-crc64ecma: 318318745347147982 < Content-Type: text/plain < Content-Disposition: attachment; filename*="UTF-8''1.txt" < Content-Language: zh-CN < Access-Control-Allow-Origin: https://cos.com < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Headers: < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < ETag: e10adc3949ba59abbe56e057f20f883e < x-cos-object-type: normal < Accept-Ranges: bytes < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Length: 6 | curl 'http://wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Content-Type: text/plain < Content-Length: 6 < Connection: keep-alive < Accept-Ranges: bytes < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < Date: Fri, 11 Sep 2020 07:39:08 GMT < ETag: "e10adc3949ba59abbe56e057f20f883e" < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Server: tencent-cos < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjI5OWNfMmQxZTI4MDlfMzYzM2RfOGRlZTMy < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU | curl 'http://wainsungz-1253985742.file.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.file.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Server: nws_ocmid_hy < Connection: keep-alive < Date: Fri, 11 Sep 2020 07:39:32 GMT < Cache-Control: max-age=600 < Expires: Fri, 11 Sep 2020 07:49:32 GMT < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Type: text/plain < Content-Length: 6 < X-NWS-UUID-VERIFY: c922f278c0d6a3ceb7b2575428512d0f < X-NWS-LOG-UUID: 12873670890631644945 3308139cfa6c799eb06a1168794f9ab1 < X-Cache-Lookup: Hit From Disktank3 < Accept-Ranges: bytes < ETag: "e10adc3949ba59abbe56e057f20f883e" < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjI0ZDBfN2JhNTNiMGFfMTNkMGFfOWQ4MzZl < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU < X-Daa-Tunnel: hop_count=3 < X-Cache-Lookup: Hit From Inner Cluster < Access-Control-Expose-Headers: X-myHeader < X-Cache-Lookup: Hit From Upstream < X-Cache-Lookup: Hit From Inner Cluster |
[Abnormal] OPTIONS | curl 'http://wainsungz-1253985742.cosgz.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: http://cos.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cosgz.myzijiebao.com > Accept: */* > Origin: http://cos.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 403 Forbidden < Err-Code: -29232 < Err-msg: ERR_OPTIONS_CORSRULE_NOT_MATCH < ServerIP: 127.1.1.1 < Content-Type: text/octet < Content-Length: 0 | curl 'http://wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: https://www.cos.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com > Accept: */* > Origin: https://www.cos.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 403 Forbidden < Content-Type: application/xml < Content-Length: 675 < Connection: keep-alive < Date: Fri, 11 Sep 2020 08:00:56 GMT < Server: tencent-cos < x-cos-request-id: NWY1YjJlYjhfY2VhMzNiMGFfOTg5NF9hOTI0YmI= < x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA= | curl 'http://wainsungz-1253985742.file.myzijiebao.com/1.txt' -voa /dev/null -X OPTIONS -H 'Origin: https://cdn.com' -H 'Access-Control-Request-Method: POST' -H 'Access-Control-Request-Headers: X-COS, Content-Type' > OPTIONS /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.file.myzijiebao.com > Accept: */* > Origin: https://cdn.com > Access-Control-Request-Method: POST > Access-Control-Request-Headers: X-COS, Content-Type > < HTTP/1.1 403 Forbidden < Server: tencent-cos < Connection: keep-alive < Date: Fri, 11 Sep 2020 08:02:40 GMT < Content-Type: application/xml < Content-Length: 675 < X-NWS-UUID-VERIFY: ad21f8835ef5bde2c9c4c1adcc21dbee < x-cos-request-id: NWY1YjJmMjBfNGYyMjI4MDlfN2FhXzk1MGFjOQ== < x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA= < X-NWS-LOG-UUID: 2788025760117930650 3308139cfa6c799eb06a1168794f9ab1 < X-Daa-Tunnel: hop_count=2 < Access-Control-Expose-Headers: X-myHeader |
[Abnormal] GET | curl 'http://wainsungz-1253985742.cosgz.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cdn.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cosgz.myzijiebao.com > Accept: */* > Origin: https://cdn.com > < HTTP/1.1 200 OK < Server: TencentCOS < x-cos-storage-class: STANDARD < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU < x-cos-hash-crc64ecma: 318318745347147982 < Content-Type: text/plain < Content-Disposition: attachment; filename*="UTF-8''1.txt" < Content-Language: zh-CN < ETag: e10adc3949ba59abbe56e057f20f883e < x-cos-object-type: normal < Accept-Ranges: bytes < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Length: 6 [CORS response headers missing] | curl 'http://wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cdn.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com > Accept: */* > Origin: https://cdn.com > < HTTP/1.1 200 OK < Content-Type: text/plain < Content-Length: 6 < Connection: keep-alive < Accept-Ranges: bytes < Date: Fri, 11 Sep 2020 08:25:41 GMT < ETag: "e10adc3949ba59abbe56e057f20f883e" < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Server: tencent-cos < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjM0ODVfNzExYjdhNjRfNDFiNV9hZWMzNWU= < x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4OWM4Y2M5MzI5ZmUzN2FjZDk1OTRjYWI5Yjg5OTJlZDA= < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU [CORS response headers missing] | |
[Note] | Source Origin configured as * curl 'http://wainsungz-1253985742.cosgz.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cosgz.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Server: TencentCOS < x-cos-storage-class: STANDARD < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU < x-cos-hash-crc64ecma: 318318745347147982 < Content-Type: text/plain < Content-Disposition: attachment; filename*="UTF-8''1.txt" < Content-Language: zh-CN < Access-Control-Allow-Origin: https://cos.com < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Headers: < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < ETag: e10adc3949ba59abbe56e057f20f883e < x-cos-object-type: normal < Accept-Ranges: bytes < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Length: 6 | Source Origin configured as * curl 'http://wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.cos.ap-guangzhou.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Content-Type: text/plain < Content-Length: 6 < Connection: keep-alive < Accept-Ranges: bytes < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: * < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < Date: Fri, 11 Sep 2020 11:16:55 GMT < ETag: "e10adc3949ba59abbe56e057f20f883e" < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Server: tencent-cos < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjVjYTdfNjRhNDYyNjRfMzk1Y19hOGMxNWQ= < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU | With CDN > HTTP header cache configuration > cache all origin headers enabled. First run: curl 'http://wainsungz-1253985742.file.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cos.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.file.myzijiebao.com > Accept: */* > Origin: https://cos.com > < HTTP/1.1 200 OK < Server: nws_ocmid_hy < Connection: keep-alive < Date: Fri, 11 Sep 2020 08:46:23 GMT < Cache-Control: max-age=600 < Expires: Fri, 11 Sep 2020 08:56:23 GMT < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Type: text/plain < Content-Length: 6 < X-NWS-UUID-VERIFY: 09bfff14631536aa2611471bcccc605f < X-NWS-LOG-UUID: 7295163679666373767 e203ba9a7c37ee350ed1318f66c34b2d < X-Cache-Lookup: Hit From Disktank3 < Accept-Ranges: bytes < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Allow-Origin: https://cos.com < Access-Control-Expose-Headers: X-myHeader < Access-Control-Max-Age: 10 < ETag: "e10adc3949ba59abbe56e057f20f883e" < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjM5NWZfYTdhODYyNjRfMThjMV85ZWNmMWI= < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU < X-Daa-Tunnel: hop_count=3 < X-Cache-Lookup: Hit From Inner Cluster < X-Cache-Lookup: Hit From Upstream < X-Cache-Lookup: Hit From Inner Cluster Second run: curl 'http://wainsungz-1253985742.file.myzijiebao.com/1.txt' -voa /dev/null -H 'Origin: https://cdn.com' > GET /1.txt HTTP/1.1 > User-Agent: curl/7.29.0 > Host: wainsungz-1253985742.file.myzijiebao.com > Accept: */* > Origin: https://cdn.com > < HTTP/1.1 200 OK < Server: NWS_TCloud_S1 < Connection: keep-alive < Date: Fri, 11 Sep 2020 08:46:29 GMT < Cache-Control: max-age=600 < Expires: Fri, 11 Sep 2020 08:56:29 GMT < Last-Modified: Thu, 11 Jun 2020 19:37:20 GMT < Content-Type: text/plain < Content-Length: 6 < X-NWS-LOG-UUID: 10218478982497005771 e203ba9a7c37ee352f946992c293b33f < Access-Control-Expose-Headers: X-myHeader < Access-Control-Allow-Origin: https://cdn.com < X-Cache-Lookup: Hit From Disktank3 < X-NWS-UUID-VERIFY: 6942098c99c897cc3e33e1551130e21a < Accept-Ranges: bytes < Access-Control-Allow-Credentials: true < Access-Control-Allow-Methods: PUT,GET,POST,DELETE < Access-Control-Max-Age: 10 < ETag: "e10adc3949ba59abbe56e057f20f883e" < x-cos-hash-crc64ecma: 318318745347147982 < x-cos-request-id: NWY1YjM5NWJfMjUyYzI4MDlfMTIxN184M2Y2YWY= < x-cos-version-id: MTg0NDUxNTIxOTgyNjg1NTMxMjU [On a back-to-origin request the CORS response headers follow the origin; when served from the CDN cache, CORS response headers that duplicate the CDN's are replaced with the CDN-configured header values] |