CORS, S3 and CloudFront configuration

Question

Whenever I try to POST a file to my S3 bucket, I get the following error message:

POST https://api.*.com/sermon 413
Access to XMLHttpRequest at 'https://api*.com/sermon' from origin 'https://*.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

My S3 ELB bucket is configured as follows (for https://api.*.com/sermon):

My Cloudfront is set up as follows (for https://api.*.com/sermon):

I've also set up a CloudFront Origin Response trigger as a Lambda function:

'use strict';

// If the response lacks a Vary: header, fix it in a CloudFront Origin Response trigger.

exports.handler = (event, context, callback) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;

    if (!headers['vary'])
    {
        headers['vary'] = [
            { key: 'Vary', value: 'Access-Control-Request-Headers' },
            { key: 'Vary', value: 'Access-Control-Request-Method' },
            { key: 'Vary', value: 'Origin' },
        ];
    }
    callback(null, response);
};

HTTP status:

Is there anything I am missing?

Answer 1

The CORS setup is on S3, but looks like you're hitting an HTTP 413 ("Payload too Large") at CloudFront, prior to reaching S3. So this issue is not really related to CORS per se.

HTTP 413 usually means exceeding the CloudFront request size of 20 kb, or the URL length of 8 kb. Note the 'request size' is defined to include the request headers & query strings but not the request body.

So the first thing is to verify that the request size & URL length limits aren't being exceeded. And that any payload is in the POST body, not part of a request header.

Also see if uploading smaller files (< 100 mb) will work, to rule out any issues around multipart uploads.