Reputation: 643
AWS S3 + CloudFront gives CORS errors when serving images from browser cache
If I clear my browser cache, everything loads just find from my cloudfront-enabled S3 bucket. When I turn off cache, however, I get errors in the console:
Image from origin [ORIGIN URL] has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin [MY LOCALHOST ADDRESS] is therefore not allowed access.
MY CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
I also followed this advice a while back and changed the cloundfront distro settings. It seemed to have worked back then but is definitely not working with browser cache now: CORS problems with Amazon S3 on the latest Chomium and Google Canary
I also tried putting "Header add Access-Control-Allow-Origin "*"" in my websites .htaccess. No luck. Note: my website is hosted and accessed from localhost (it's a dev environment).
Upvotes: 19
Views: 35067
Answers (2)
Reputation: 1542
I found myself with the same sort of problem: no Access-Control-Allow-Origin coming up. It was very random, sometimes it worked, other times it did not. I finally narrowed it down in this way:
- Turned on S3 website hosting
- Tested for CORS header in both S3 and CloudFront
Here is how to easily test for a CORS header:
curl -i -H "Origin: http://YOUR-SITE-URL" http://S3-or-CLOUDFRONT-URL | grep Access
In my case it would work fine in S3, but in CloudFront it will only sometimes return back the access-control headers:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
After more research, I discovered that our CloudFront distribution was configured to block the headers from going to S3. To fix this:
- Go to CloudFront distribution in the AWS dashboard
- Click on Distribution Settings
- Click on the Behaviors Tab
- Edit the default pattern Behavior
- Click on Forward Headers and select Whitelist
- Add the 3 suggested headers: Access-Control-Request-Headers, Access-Control-Request-Method, Origin
- Save changes
Once the headers made it to S3, we could always see the correct access control information with curl command above.
Upvotes: 35
Reputation: 106
I was stuck in the same problem and found that exposing headers as shown below solve the problem:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>MYIP</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<ExposeHeader>ETag</ExposeHeader>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Upvotes: 4
Related Questions
- Amazon S3 image CORS issue
- How to tell cloudfront to not cache 302 responses from S3 redirects, or, how else to workaround this image caching generation issue
- CloudFront has been blocked by CORS policy
- CORS, S3 and CloudFront configuration
- Serving images from s3 with Cache-Control header distributed with CloudFront not caching?
- CORS AWS S3 and cloudfront
- CORS issue even with origin policies
- Serving Images uploaded to S3 via CloudFront
- Cross Domain CORS and Images
- CORS with Amazon S3 and Cloudfront