javascript - 从浏览器上传到S3时为什么会出现403错误？(Why am I getting a 403 error when uploading to S3 from the browser?)

Question

So I've tried looking through previous answers on here and nothing seems to be working.

(因此，我尝试浏览此处的先前答案，但似乎没有任何效果。)

I'm using Dropzone, which appears to make an OPTIONS request to get all the allowed CORS related information, but it doesn't seem to be returning properly

(我正在使用Dropzone，它似乎发出了一个OPTIONS请求，以获取所有允许的CORS相关信息，但是它似乎没有正确返回)

So from looking in the Chrome dev tools, I have the following Request Headers

(因此，通过查看Chrome开发者工具，我可以看到以下请求标头)

Host: mybucket.s3.amazonaws.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: POST
Origin: http://localhost:9010
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Access-Control-Request-Headers: accept, cache-control, content-type, x-requested-with
Accept: */*
Referer: http://localhost:9010/upload
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

And these are the Response Headers I'm getting

(这些是我得到的响应标题)

HTTP/1.1 403 Forbidden
x-amz-request-id: 9BE37C4F32052EAB
x-amz-id-2: Zxg+v9AQ7G7sgMKz4P7xleUhrymyWGbBNNof8jFFsZ5n0Xw8T/mPovbMO55HZ5fL
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Fri, 28 Aug 2015 18:35:26 GMT
Server: AmazonS3

According to the AWS documentation I should be getting Access-Control-Allow-Methods and Access-Control-Allow-Headers among things, but I don't seem to be.

(根据AWS文档，我应该在其中获得Access-Control-Allow-Methods和Access-Control-Allow-Header ，但似乎不是。)

I know my bucket is valid, and the url is valid and my CORS file in the bucket is as follows:

(我知道我的存储桶有效，并且网址有效，并且存储桶中的CORS文件如下：)

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

So in terms of the form data that's being sent, I have the following:

(因此，对于要发送的表单数据，我有以下几点：)

acl
key
policy
x-amx-credential
x-amz-algorithm
x-amz-date
x-amz-signature

In addition to the file data.

(除了文件数据。)

I don't think there's anything I'm missing

(我不认为有什么我想念的)

  ask by Programmer Unextraordinair translate from so

Answer 1

Agh, it was super dumb.

(啊，真是愚蠢。)

It seems according to the page on enabling CORS that for OPTIONS requests:

(似乎在启用CORS的页面上显示了针对OPTIONS请求的信息：)

Every header listed in the request's Access-Control-Request-Headers header on the preflight request must match an AllowedHeader element.

(预检请求中请求的Access-Control-Request-Headers头中列出的每个头都必须与AllowedHeader元素匹配。)

Meaning I had to add a bunch of previously missing lines to my CORS policy

(这意味着我必须在CORS政策中添加一些以前缺少的行)

<AllowedHeader>accept</AllowedHeader>
<AllowedHeader>cache-control</AllowedHeader>
...