Ceph rgw COR測試
目錄
一、測試過程
1、設置bucket類型為public-read 或者為public-reda-write的存儲桶。
下面這里建了一個public-read的存儲桶,其中ACL: *anon*: READ 表示該存儲桶的訪問類型為public-read
類型。
[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
Location: cn
Payer: BucketOwner
Expiration Rule: none
Policy: none
CORS: none
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/
2、向該存儲桶上傳文件。並查看對象的權限。
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:05:10 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: none
ACL: admin: FULL_CONTROL
3、打開瀏覽器,打開console,輸入以下代碼,進行訪問測試
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://10.110.101.30:8080/test1111/15690311636958128.jpg');
xhr.send(null);
xhr.onload = function(e) {
var xhr = e.target;
console.log(xhr.responseText);
}
#######
Access to XMLHttpRequest at 'http://10.110.101.30:8080/test1111/15690311636958128.jpg' from origin 'chrome-search://local-ntp' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
執行回車,結果如下:
4、設置CORS規則
# 編輯cors規則
[root@control1 ~]# cat cors.xml
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>ETag</ExposeHeader>
</CORSRule>
</CORSConfiguration>
# 設置cor規則
[root@control1 ~]# s3cmd setcors cors.xml s3://test1111
#查看存儲桶的COR規則
[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
Location: cn
Payer: BucketOwner
Expiration Rule: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/
# 查看object的規則
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:05:10 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: admin: FULL_CONTROL
5、訪問測試
看上圖還是不能訪問,提示accessdenied
我們需要給對象設置為任何人都可以讀取
# 將object的acl規則設置為public-read
[root@control1 ~]# s3cmd setacl -P s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg: ACL set to Public [1 of 1]
# 查看對象相關的變量信息
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:27:11 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/15690311636958128.jpg