I'm stuck with a CORS at S3+Cloudfront+Signed Urls.
My use cases is:
First story (successful):
I have an Amazon S3 bucket with a Cloudfront. Files are accessible by the DOMAIN1/file
link
I write a simple test JS script to get file from DOMAIN1 and put it at the DOMAIN2/test.html
Second case (successful too):
Third case (failed)
DOMAIN2/test.html
test script No 'Access-Control-Allow-Origin' header
error. So Cloudfront is not sending a header in case of restricted distribution.
CORS xml is:
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>10</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
It must be some issue in the CloudFront/S3/IAM settings. How I can fix it?
Seems like a solution was to setup a correct access rights to the S3 bucket. Instead the "Everyone" access, need an "Any AWS authenticated user" or "Cloudfront appropriate user".
I went to Cloudfront Distributions -> MYPRIVATECLOUDFRONTID -> Behaviors
and added the Following:
Path Pattern = path/to/my/file.ext
Forward Headers = Whitelist
And added to Whitelist Header: Origin
Don't forget to uncheck the option Restrict Viewer Access (Use Signed URLs or Signed Cookies)
- for me, it was marked to not restrict even though I have marked the whole cache to be restricted.
My next step is to automatically set this whitelist on demand.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.