
IBM Cloud: Configuring CORS (Cross-Origin Resource Sharing) on ICOS and verifying how it behaves


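1. Introduction

ICOS (IBM Cloud Object Storage) supports CORS (Cross-Origin Resource Sharing) configuration.
This article sets CORS on an ICOS bucket with public access enabled (that is, a bucket that can be read without an API key) and verifies the behavior with curl.

Documentation

2. Configuring and checking CORS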

icos-cors.json
{
  "CORSRules": [
    {
      "AllowedOrigins": [
        "example.com"
      ],
      "AllowedMethods": [
        "GET",
        "HEAD"
      ],
      "MaxAgeSeconds": 100,
      "AllowedHeaders": [
        "Authorization",
        "X-Requested-With",
        "X-HTTP-Method-Override",
        "Origin",
        "X-Csrftoken",
        "Content-Type",
        "Accept"
      ],
      "ExposeHeaders": [
        ""
      ]
    }
  ]
}

# ibmcloud cos bucket-cors-put --bucket mybucketxxx --cors-configuration file://icos-cors.json
OK
Successfully set CORS configuration on bucket: mybucketxxx

# ibmcloud cos bucket-cors-get --bucket mybucketxxx
OK
The CORS configuration of mybucketxxx:
{
  CORSRules: [{
      AllowedHeaders: [
        "authorization",
        "x-requested-with",
        "x-http-method-override",
        "origin",
        "x-csrftoken",
        "content-type",
        "accept"
      ],
      AllowedMethods: ["GET","HEAD"],
      AllowedOrigins: ["example.com"],
      ExposeHeaders: [""],
      MaxAgeSeconds: 100
    }]
}
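
A pre-deployment lint for the rule above, as an added example (not code from the original article or from IBM). It assumes the S3-style `CORSRules` JSON shown on this page; `lint_cors` and `is_serialized_origin` are hypothetical names, and the checks are this example's own choice. Browsers send `Origin` as `scheme://host[:port]`, so a bare host such as `example.com` is flagged.

```python
import json
from urllib.parse import urlsplit

# The rule from icos-cors.json on this page, embedded so the example runs offline.
PAGE_CONFIG = json.loads("""
{"CORSRules": [{
  "AllowedOrigins": ["example.com"],
  "AllowedMethods": ["GET", "HEAD"],
  "MaxAgeSeconds": 100,
  "AllowedHeaders": ["Authorization", "X-Requested-With", "X-HTTP-Method-Override",
                     "Origin", "X-Csrftoken", "Content-Type", "Accept"],
  "ExposeHeaders": [""]
}]}
""")

WRITE_METHODS = {"PUT", "POST", "DELETE"}  # methods that change bucket contents


def is_serialized_origin(value):
    """True for the form browsers put in Origin: scheme://host[:port], nothing else."""
    parts = urlsplit(value)
    return (parts.scheme in ("http", "https") and bool(parts.netloc)
            and not parts.path and not parts.query and not parts.fragment)


def lint_cors(config):
    """Return (rule_index, finding) pairs for an S3-style CORSRules document."""
    findings = []
    for i, rule in enumerate(config.get("CORSRules", [])):
        for origin in rule.get("AllowedOrigins", []):
            if origin == "*":
                findings.append((i, "AllowedOrigins is a wildcard"))
            elif not is_serialized_origin(origin):
                findings.append((i, "origin %r is not scheme://host[:port]" % origin))
        writes = WRITE_METHODS & {m.upper() for m in rule.get("AllowedMethods", [])}
        if writes:
            findings.append((i, "write methods allowed: %s" % ", ".join(sorted(writes))))
        if "*" in rule.get("AllowedHeaders", []):
            findings.append((i, "AllowedHeaders is a wildcard"))
        if any(not h.strip() for h in rule.get("ExposeHeaders", [])):
            findings.append((i, "ExposeHeaders has an empty entry"))
    return findings


if __name__ == "__main__":
    for index, finding in lint_cors(PAGE_CONFIG):
        print("rule %d: %s" % (index, finding))
```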

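3. Testing CORS

Because curl is run with -I, the HTTP request uses the HEAD method.

No Origin: example.com header is sent, so the rule does not match and no Access-Control headers are returned (NG)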
$ curl -I https://mybucketxxx.s3.direct.jp-tok.cloud-object-storage.appdomain.cloud/index.html
HTTP/1.1 200 OK
Date: Tue, 12 Apr 2022 01:43:48 GMT
X-Clv-Request-Id: aa497159-e354-4b07-b6e3-e1d82f416028
Server: Cleversafe
X-Clv-S3-Version: 2.5
Accept-Ranges: bytes
x-amz-request-id: aa497159-e354-4b07-b6e3-e1d82f416028
ETag: "665b400d032165343e6ab6c7aac1ba97"
Content-Type: text/html
Last-Modified: Thu, 31 Mar 2022 23:31:10 GMT
Content-Length: 284

The Origin header is example.com, so the rule matches and the Access-Control headers are returned
$ curl -I https://mybucketxxx.s3.direct.jp-tok.cloud-object-storage.appdomain.cloud/index.html -H "Origin: example.com"
HTTP/1.1 200 OK
Date: Wed, 13 Apr 2022 00:49:54 GMT
X-Clv-Request-Id: ed3e8299-52df-4db1-9e0a-fc638b7eafd1
Server: Cleversafe
X-Clv-S3-Version: 2.5
Accept-Ranges: bytes
x-amz-request-id: ed3e8299-52df-4db1-9e0a-fc638b7eafd1
Access-Control-Expose-Headers:
Access-Control-Allow-Origin: example.com
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Allow-Methods
Access-Control-Max-Age: 100
ETag: "665b400d032165343e6ab6c7aac1ba97"
Content-Type: text/html
Last-Modified: Thu, 31 Mar 2022 23:31:10 GMT
Content-Length: 284

4. Testing CORS, part 2 (using Access-Control-Request-Method)

(Reference) https://aws.amazon.com/jp/premiumsupport/knowledge-center/s3-configure-cors/

GET is allowed, so the Access-Control headers are returned
$ curl -i https://mybucketxxx.s3.direct.jp-tok.cloud-object-storage.appdomain.cloud/index.html -H "Access-Control-Request-Method: GET" --request OPTIONS -H "Origin: example.com"
HTTP/1.1 200 OK
Date: Wed, 13 Apr 2022 00:44:13 GMT
X-Clv-Request-Id: 9e0528ba-a151-40f5-ba78-4a48e108288b
Server: Cleversafe
X-Clv-S3-Version: 2.5
x-amz-request-id: 9e0528ba-a151-40f5-ba78-4a48e108288b
Access-Control-Expose-Headers:
Access-Control-Allow-Origin: example.com
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Credentials: true
Vary: Origin, Access-Control-Request-Headers, Access-Control-Allow-Methods
Access-Control-Max-Age: 100
Content-Length: 0

POST is not allowed, so no Access-Control headers are returned; an error is returned instead.
$ curl -i https://mybucketxxx.s3.direct.jp-tok.cloud-object-storage.appdomain.cloud/index.html -H "Access-Control-Request-Method: POST" --request OPTIONS -H "Origin: example.com"
HTTP/1.1 403 Forbidden
X-Clv-Request-Id: 9177a071-f4e1-4279-b873-c6ede21aef48
Server: Cleversafe
X-Clv-S3-Version: 2.5
x-amz-request-id: 9177a071-f4e1-4279-b873-c6ede21aef48
Date: Wed, 13 Apr 2022 00:45:04 GMT
Content-Type: application/xml
Content-Length: 507

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error><Code>AccessForbidden</Code><Message>CORSResponse: This CORS request is not allowed. This is usually because the evaluation of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec.</Message><Method>OPTIONS</Method><Resource>/mybucketxxx/index.html</Resource><RequestId>9177a071-f4e1-4279-b873-c6ede21aef48</RequestId><httpStatusCode>403</httpStatusCode></Error>
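
The by-eye check used in sections 3 and 4, automated as an added example (not code from the original article or from IBM). It reads raw `curl -i` / `curl -I` output and reports whether the response grants the tested origin and method; `parse_response` and `check_cors_response` are hypothetical names, and the sample responses are the ones on this page trimmed to the relevant headers.

```python
# Responses from the curl tests on this page, trimmed to the relevant headers.
NO_ORIGIN = """HTTP/1.1 200 OK
Server: Cleversafe
Content-Type: text/html
Content-Length: 284
"""
PREFLIGHT_GET = """HTTP/1.1 200 OK
Access-Control-Expose-Headers:
Access-Control-Allow-Origin: example.com
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 100
Content-Length: 0
"""
PREFLIGHT_POST = """HTTP/1.1 403 Forbidden
Content-Type: application/xml
Content-Length: 507

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error><Code>AccessForbidden</Code></Error>
"""


def parse_response(raw):
    """Split raw curl output into (status_code, {lowercased header name: value})."""
    head = raw.strip().replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_cors_response(raw, origin, method):
    """Report whether the response grants `origin` the use of `method`."""
    status, h = parse_response(raw)
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    methods = {m.strip().upper() for m in h.get("access-control-allow-methods", "").split(",")}
    if not 200 <= status < 300:
        reason = "HTTP %d" % status
    elif acao is None:
        reason = "no Access-Control-Allow-Origin header"
    elif acao not in (origin, "*"):
        reason = "origin mismatch"
    elif method.upper() not in methods:
        reason = "method not in Access-Control-Allow-Methods"
    else:
        reason = None
    return {"allowed": reason is None, "reason": reason, "credentials": creds}
```

The `credentials` field surfaces `Access-Control-Allow-Credentials: true`, which the bucket returns even though the rule does not mention it.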

5. Cleanup (deleting the CORS configuration)

$ ibmcloud cos bucket-cors-delete --bucket mybucketxxx
OK
Successfully deleted CORS configuration on bucket: mybucketxxx