Reputation: 8002
Why does a static website hosted on AWS S3 require CORS to be enabled
Reading this page https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html it states that :
Your users load the website endpoint: http://website.s3-website.us-east-1.amazonaws.com Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.us-east-1.amazonaws.com. A browser would normally block JavaScript from allowing those requests
Why would a browser require CORS to be enabled for requests back to the same server that hosts the static content ? i.e. website.s3.us-east-1.amazonaws.com.
Upvotes: 0
Views: 507
Answers (1)
Reputation: 1049
I can understand confusion, it could be rewritten better.
S3 REST API endpoints are of the format s3.us-east-1.amazonaws.com and website endpoints are website.s3.us-east-1.amazonaws.com
When we host website and do GET/PUT requests, they call s3 api with param as bucket name (website) and path. Hence, CORS is needed.
Upvotes: 2
Related Questions
- Amazon S3 CORS still not working: No 'Access-Control-Allow-Origin'
- How to configure CORS on AWS S3?
- Amazon S3, impossible to set CORS Policy
- Amazon S3 weird CORS behaviour: No 'Access-Control-Allow-Origin' header is present on the requested resource
- Why does S3 CORS allow methods that I have not specified in the CORS configuration?
- CORS AWS S3 and cloudfront
- Access-Control-Allow-Origin error on AWS server when website is opened through www
- Error 403 trying to use CORS with a static website loading image hosted on AWS S3
- S3 CORS responding with 403
- Risk of enabling CORS?