Greetings,
The problem might be a subtle typo or whitespace issue in your policy, and here's how you might fix it.
In your provided policy, there's a space before the "MY NEW DOMAIN/*". This space might be causing the comparison to fail, as it won't match the referer header sent by the browser.
Here's the corrected policy:
{
    "Version": "2008-10-17",
    "Id": "Policy1408118342443",
    "Statement": [
        {
            "Sid": "Stmt1408118336209",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::owrvideos/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "MY FIRST DOMAIN/*",
                        "MY NEW DOMAIN/*"
                    ]
                }
            }
        }
    ]
}
Make sure to replace "MY FIRST DOMAIN/" and "MY NEW DOMAIN/" with the actual domain names that you want to use, e.g., "https://www.example.com/*".
Another thing to verify is the exact format of the referer header sent by browsers when accessing content on the new domain. It might be useful to debug the requests from the new domain using browser developer tools or server logs to make sure the referer header matches what you have in your policy.
Also, ensure that you have properly configured CORS (Cross-Origin Resource Sharing) settings if needed, as this might be another source of 403 errors.
Please let me know if I answered your question.
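An added example (not part of the answer above and not AWS code): a local check that flags `aws:Referer` patterns carrying stray whitespace and tests sample Referer values against them before the policy is applied. The `example.com` domains are constructed stand-ins, and `string_like` is a simplified model of `StringLike` matching (case-sensitive, `*` and `?` wildcards), not the service's evaluator.

```python
import re

# Constructed sample: same shape as the policy above, with example.com stand-ins
# for the two domains; the second pattern keeps the leading space under discussion.
POLICY = {
    "Version": "2008-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::owrvideos/*",
        "Condition": {"StringLike": {"aws:Referer": [
            "https://first.example.com/*",
            " https://new.example.com/*",
        ]}},
    }],
}


def string_like(pattern, value):
    """Local model of StringLike: case-sensitive, '*' = any run, '?' = one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def referer_patterns(policy):
    """Collect every aws:Referer value found under a StringLike condition."""
    found = []
    for stmt in policy["Statement"]:
        values = stmt.get("Condition", {}).get("StringLike", {}).get("aws:Referer", [])
        found.extend([values] if isinstance(values, str) else values)
    return found


def whitespace_issues(policy):
    """Patterns carrying leading or trailing whitespace."""
    return [p for p in referer_patterns(policy) if p != p.strip()]


def allowed(policy, referer):
    """True if the Referer header value matches any configured pattern."""
    return any(string_like(p, referer) for p in referer_patterns(policy))


if __name__ == "__main__":
    print("suspicious patterns:", whitespace_issues(POLICY))
    for ref in ("https://first.example.com/videos/", "https://new.example.com/videos/"):
        print(ref, "->", "match" if allowed(POLICY, ref) else "no match")
```

Feed `allowed` the Referer value copied from the browser's developer tools for a failing request to see which pattern, if any, it matches.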
Is there a "referer" in the header of the new domain's website?
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-referer
What happens if I set "referer" directly in the header, etc.?
<meta name="referrer" content="origin">
As for the bucket policy, all are set to Deny as follows. By setting "StringNotLike", access from domains other than the one you have set will be denied.