Reputation: 1064
AWS S3 - CORS OPTIONS Preflight throwing 400 Bad Request during DELETE w/ VersionId
I am attempting a deleteObject request for a delete marker using the Key of the object and the VersionID of the delete marker.
Because of CORS, the browser (Chrome 34.0.1847.11) sends an OPTIONS preflight request to: http://bucket.s3-us-west-2.amazonaws.com/Folder/File.ext?versionId=0123456789
Amazon S3 responds with 400 (Bad Request) with the following XML body:
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>InvalidArgument</Code>
<Message>This operation does not accept a version-id.</Message>
<ArgumentValue>0123456789</ArgumentValue>
<ArgumentName>versionId</ArgumentName>
<RequestId>12345</RequestId>
<HostId>1122334455</HostId>
</Error>
Because the XMLHttpRequest returns 400 (Bad Request), the DELETE request never gets executed. I am under the impression that AWS isn't handling the options request correctly. If there is a workaround, that would be great!
My current CORS policy on the bucket is:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
FYI: I am using the AWS SDK for JS 2.0.0-rc10
Thank you in advance.
EDIT 1:
I tried adding <AllowedMethod>OPTIONS</AllowedMethod> but Amazon returns Found unsupported HTTP method in CORS config. Unsupported method is OPTIONS
EDIT 2:
OPTIONS request/response headers:
Remote Address: *********:443
Request URL: https://bucket.s3-us-west-2.amazonaws.com/path/to/file_name?versionId=0123456789
Request Method: OPTIONS
Status Code: 400 Bad Request
Request Headers
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Request-Method: DELETE
Cache-Control: no-cache
Connection: keep-alive
DNT: 1
Host: bucket.s3-us-west-2.amazonaws.com
Origin: https://website.com
Pragma: no-cache
Referer: https://website.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.60 Safari/537.36
Query String Parameters
versionId: 0123456789
Response Headers
Access-Control-Allow-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Allow-Methods: HEAD, GET, PUT, POST, DELETE
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml
Date: Tue, 18 Mar 2014 23:59:15 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: *************************
x-amz-request-id: ***********
The delete request doesn't ever actually happen because the OPTIONS fails.
Upvotes: 27
Views: 29368
Answers (1)
Reputation: 2620
I just ran into this problem. It only occurs on Chrome. It was pretty awesome.
The solution is to add the following to your relevant <CORSRule> configuration in AWS:
<AllowedHeader>*</AllowedHeader>
That makes Chrome NOT send the OPTIONS request, and everything should work properly.
Upvotes: 43
Related Questions
- Angular $http.delete CORS error (preflight request)
- CORS response when sending a DELETE request
- Allow CORS for b2_delete_file_version
- Why do I get a CORS internal server error when trying to do a DELETE request via AWS API Gateway and Lambda?
- Fetch request failing for DELETE method even though CORS headers are present
- AWS S3 CORS 403 Error with OPTIONS request
- Pre-Flight Http 'OPTIONS' Method being sent instead of 'DELETE'
- S3 CORS responding with 403
- Amazon S3 CORS PUT fails
- jQuery CORS delete fails