AWSとCORSについて

最近、Amazon CloudSearchを使っていまして、AngularJSからクロスドメインでアクセスできないと思っていたら、CloudSearchはCORS非対応なのですね。

ちなみにCORS(Cross-Origin Resource Sharing)とはその名の通りクロスオリジンでリソースをシェアすることです。

CORS

クロスオリジンのデータ取得はセキュリティの観点から禁止されています。  
しかし、APIサーバー側(他のドメイン)などがAccess-Control-Allow-Originレスポンスヘッダーにアクセス元のドメインを設定することでクロスドメインでの情報の取得が可能になります。

よく似たものでjsonpがあると思うのですが、そちらの場合はjsonpからアクセスの場合はAPI等からのレスポンスヘッダーのContent-Typeをapplication/javascritptにする必要があります。

現在はjsonpより、CORSが使われることが多いので、jsonpは考えなくていいと思います。

詳細は以下を参照してください。
Cross-Origin Resource Sharing

そして実際、本当にCORS非対応なのかAWSに問い合わせてみました。

問い合わせ内容

Please tell me how to enable CORS in Cloud Search.
I can't get data from cloud search using AngularJS($resource.get()).
I want Access-Control-Allow-* headers from response header of Cloud Search.
Is there any options?

If I use jsonp, I want Content-Type:application/javascript from  Cloud Search.
※Not application/json

I want to use Cloud Search as a API.

AWSからの回答

Hello,

Thank you for your interest with using CORS with our AWS CloudSearch service.

I've reviewed your case and, although we’re not trained to assist with these types of technical inquiries within the AWS Customer Service team, I have been able to find the following information which may help.

I was unable to find information about our CloudSearch service support of CORS in our documentation. However, I was able to find some discussion about CloudSearch and CORS in our Developer Forums:

https://forums.aws.amazon.com/message.jspa?messageID=525466 https://forums.aws.amazon.com/message.jspa?messageID=554068 https://forums.aws.amazon.com/message.jspa?messageID=365568

If the above links are not what you are looking for then I hope that the information below is helpful in directing you to an appropriate support channel.

All Basic Support customers have access to AWS Documentation and User Guides, Developer Forums, and the full library of tutorials at no additional charge. You'll find links to the many resources and tools available in the AWS Support Center: https://console.aws.amazon.com/support/home/

The AWS Developer Forums allow customers to seek help from other experienced AWS developers as well as our technical engineers, who participate in the forum. Our AWS support engineers are able to review your account and provide technical assistance 24 hours a day.

You can access the 24 hour Developer Forums and post your question, at the following URL:

http://aws.amazon.com/forums

Additionally, you can go through our Documentation, White Papers and Best Practice Guides at the following URL:

http://aws.amazon.com/resources/

Alternatively, for one-on-one, 24 x 7 x 365 support with our AWS technical support engineers, you can sign up for a paid support plan (Developer starting at $49/month and Business starting at $100/month.)

Full service and pricing information is available at the following URL:

http://aws.amazon.com/premiumsupport/

You may consider working with our AWS Partners and Consultants to develop and manage your applications. You may find more information about our AWS Partner Network at the following link:

http://www.aws-partner-directory.com/

I hope the above information is helpful. Please let me know if you have any further questions or if there is anything else I can do for you.

Best regards,

Rowena Amazon Web Services We value your feedback. Please rate my response using the link below.

To contact us again about this case, please return to the AWS Support Center using the following URL:

https://console.aws.amazon.com/support/home#/case/?displayId=XXXXXXXX&language=en

(If you will connect by federation, log in before following the link.)

*Please note: this e-mail was sent from an address that cannot accept incoming e-mail. Please use the link above if you need to contact us again about this same issue.

Amazon Web Services, Inc. is an affiliate of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. or its affiliates.


もうすでにいろいろ話し合われていたようです。

結論としてはCloudSearchはCORS対応していないと。

しかし、S3はCORSに対応しています。

S3におけるCORSの設定

バケットに対してAdd CORS Configuration
↓
XML ドキュメントを記載して、Save

※詳細は以下をご覧ください

Cross-Origin Resource Sharing の有効化 - Amazon Simple Storage Service