LandonSchropp
Reputation: 10234
S3 CORS responding with 403
I'm trying to enable CORS on an S3 bucket. Here's my CORS configuration:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>
If I try to access any of the files in my bucket, the server responds with a 403 and the following:
<Error>
<script/>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>A0DDB22DAA8FEB96</RequestId>
<HostId>
wamh2M0Q2rfW2RAXdnJThqeWxVSxd2P2VVq0izvwipp2JATIipMc9CvAs9Qe+2iC
</HostId>
</Error>
If I remove the CORS configuration, everything works fine. What am I missing?
Upvotes: 3
Views: 3881
Answers (1)
Nikhil
Reputation: 3152
This might be because you haven't explicitly specified the allowed headers which are usually sent in pre-flight requests when calls are made through CORS.
Ideally, you also need to specify the maximum time the browser can cache these pre-flight requests. Try modifying your CORS configuration to include this information as follows:
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Upvotes: 2
Related Questions
- S3 not returning Access-Control-Allow-Origin headers?
- Amazon S3 CORS still not working: No 'Access-Control-Allow-Origin'
- S3 blocked by CORS policy
- How to configure CORS on AWS S3?
- CORS error with S3 even after adding CORS configuration
- Amazon S3, impossible to set CORS Policy
- Intermittent 403 CORS errors when using S3 signed URL to PUT object
- Private Content CORS issues with S3
- AWS S3 CORS 403 Error with OPTIONS request
- CORS Issue calling ec2 from s3