- Le plus récent
- Le plus de votes
- La plupart des commentaires
Greetings, The problem might be a subtle typo or whitespace issue in your policy, and here's how you might fix it.
In your provided policy, there's a space before the "MY NEW DOMAIN/*". This space might be causing the comparison to fail, as it won't match the referer header sent by the browser.
Here's the corrected policy:
{
"Version": "2008-10-17",
"Id": "Policy1408118342443",
"Statement": [
{
"Sid": "Stmt1408118336209",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::owrvideos/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"MY FIRST DOMAIN/*",
"MY NEW DOMAIN/*"
]
}
}
}
]
}
Make sure to replace "MY FIRST DOMAIN/" and "MY NEW DOMAIN/" with the actual domain names that you want to use, e.g., "https://www.example.com/*".
Another thing to verify is the exact format of the referer header sent by browsers when accessing content on the new domain. It might be useful to debug the requests from the new domain using browser developer tools or server logs to make sure the referer header matches what you have in your policy.
Also, ensure that you have properly configured CORS (Cross-Origin Resource Sharing) settings if needed, as this might be another source of 403 errors.
Please let me know if I answered your question.
Is there a "referer" in the header of the new domain's website?
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-referer
What happens if I set "referer" directly in the header, etc.?
<meta name="referer" content="origin">
Contenus pertinents
- demandé il y a un an
- demandé il y a 7 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 10 mois
- AWS OFFICIELA mis à jour il y a un an
As for the bucket policy, all are set to Deny as follows. By setting "StringNotLike", access from domains other than the one you have set will be denied.