Cross-Origin Request Blocked error in Amazon Web Services

Question

The short version of my problem is: I am using Amazon Web Services to host a static website and a servlet, I would like to have JavaScript code in the static website send GET requests to the servlet, but I'm getting "Cross-Origin Request Blocked" errors. Here's the long version:

I have created and deployed a servlet on Amazon's Elastic Beanstalk. The servlet takes in GET requests, does some processing, and spits out a JSON. I registered a domain using Route53 (let's call it "example.com") and used Route53 to create an alias for the servlet; let's call it "app.example.com".

I am also hosting a static webpage using a combination of S3 and Route 53. I am able to send GET requests to the servlet and get responses via an HTML document in my domain's S3 bucket. What I want to do is include a little JavaScript code in the HTML document which makes a GET request by calling "app.example.com/keyword=somestring" and which parses the JSON spat out by the servlet as a response. I have tested the JavaScript code with a sample JSON output stored on my local machine and it works fine.

The problem is when I try to have the script get the JSON via a GET request I get a "Cross-Origin Request Blocked" error in my console. I went to my application's bucket in S3 and added the following CORS rule:

<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>

but the problem persists. What can I do?

Answer 1

You've got this all backwards. The S3 CORS rules are used if you are trying to connect to the S3 hosted static website from another domain.

In your case, you're actually trying to connect from the S3 hosted static website to another domain, so the CORS headers need to be sent out by the app running on that domain (by your Elastic Beanstalk application).