I am trying to get an object from AWS S3 via CloudFront but I'm running into CORS problems.
As far as I understand it, my request to CloudFront includes a header entitled Origin which tells the server where the request is coming from. When CloudFront requests the object, S3 returns the object along with headers based upon S3's CORS configuration. Among these headers is Access-Control-Allow-Origin, which specifies to the browser which origins are allowed to access the object.
My problem is that I need to support dynamic subdomains in my CORS configuration, so I've configured CORS in S3 like so:
<AllowedOrigin>*</AllowedOrigin>
But since I'm using the Access-Control-Allow-Credentials: true header, wildcards are not permitted.
Now, according to this article, which states:
In other words, there are 2 ways for resources to be shared with multiple Origins:
- Server returns Access-Control-Allow-Origin: * in HTTP response header
- Server dynamically generates Access-Control-Allow-Origin based on the Origin specified in the HTTP request header (this is what S3 does)
S3 should be able to look at my Origin header and return its value as Access-Control-Allow-Origin, thus preventing any errors regarding the wildcard character. But all I get back from S3 is Access-Control-Allow-Origin: *.
What can I do to get S3 to mirror my Origin as the value of Access-Control-Allow-Origin?
The article is a little old so I imagine S3 has updated how they handle these headers since 2013, but is there still a way to do this?
NOTE: This is a Rails application using aws-sdk-ruby V2
I found the answer in another question here. S3 has updated how this works and you must now use the following configuration to have S3 mirror your Origin.
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
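An added example, not part of the original question or answer: a local Ruby model of the behaviour described above, where a bare * rule yields Access-Control-Allow-Origin: * and a scheme-prefixed wildcard makes the request Origin come back mirrored. It also shows that http://* and https://* mirror every origin, which matters once credentials are allowed, and compares a pattern scoped to one parent domain; example.com, the sample origins and the helper names are constructed placeholders.

```ruby
# Local model (an assumption, not a call to S3) of how the AllowedOrigin rules
# on this page become the Access-Control-Allow-Origin response header.

# Turn one AllowedOrigin value (at most one "*") into an anchored regexp.
def origin_pattern(allowed)
  raise ArgumentError, "more than one * in #{allowed}" if allowed.count('*') > 1
  /\A#{Regexp.escape(allowed).sub('\*', '.*')}\z/
end

# Header value for a request Origin: nil when no rule matches, "*" when the
# matching rule is the bare wildcard, otherwise the request Origin echoed back.
def allow_origin_header(allowed_origins, request_origin)
  return nil if request_origin.nil?
  rule = allowed_origins.find { |a| origin_pattern(a).match?(request_origin) }
  return nil unless rule
  rule == '*' ? '*' : request_origin
end

# Browsers reject "*" when Access-Control-Allow-Credentials is true.
def usable_with_credentials?(allowed_origins, request_origin)
  value = allow_origin_header(allowed_origins, request_origin)
  !value.nil? && value != '*'
end

QUESTION_RULES = ['*'].freeze
ANSWER_RULES = ['http://*', 'https://*'].freeze
SCOPED_RULES = ['https://*.example.com'].freeze # constructed placeholder domain

# Same rules in the hash shape Aws::S3::Client#put_bucket_cors takes as
# cors_configuration (methods and headers here are assumed values).
CORS_CONFIGURATION = {
  cors_rules: [{ allowed_origins: SCOPED_RULES, allowed_methods: ['GET'], allowed_headers: ['*'] }]
}.freeze

if __FILE__ == $PROGRAM_NAME
  ['https://tenant1.example.com', 'https://unrelated.test'].each do |origin| # constructed origins
    { 'question' => QUESTION_RULES, 'answer' => ANSWER_RULES, 'scoped' => SCOPED_RULES }.each do |name, rules|
      puts format('%-8s %-28s -> %p', name, origin, allow_origin_header(rules, origin))
    end
  end
end
```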