CORS error with listBuckets in AWS JS SDK

Question

I am trying to listBuckets associated with an authorized user in frontend using AWS JS SDK.

listBuckets API documentation: http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#listBuckets-property

And, listBucket request failed with the following error message:

https://s3-us-west-2.amazonaws.com/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://palombpramalis.local:8888' is therefore not allowed access. The response had HTTP status code 403.

How to configure CORS for https://s3-us-west-2.amazonaws.com/?

AWS documentations talks about configuring CORS for specific bucket only http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-configuring.html. But this request is for listing all buckets for an authenticated user.

Answer 1

S3 regional endpoints such as s3-region.amazonaws.com do not support CORS. CORS is only supported on buckets (after you've enabled it). So you cannot call listBuckets. It would be great if AWS enabled this, but there may be compelling reasons not to.

You may be able to work around this, if needed, by hard-coding bucket names in your web client (not ideal), or by maintaining a list of buckets in a readable JSON file stored in S3. Personally, I'd prefer the latter and would try to maintain the file using AWS Lambda. Or you could ask the user to supply the bucket name, of course, but they typically will not know it.