Menu
I'm hosting a static website via Amazon S3 and I have some Javascript on there that will make a call to another domain and parse the XML, JSON, or whatever that it gets.
I followed the many posts on stackoverflow and various blog posts it linked to that claimed to get it working but even after following very closely I could never replicate the results.
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
I even tried adding with and without the following to the rule,
<AllowedHeader>*</AllowedHeader>
The following link allows you to test if CORS is enabled by sending XMLHttpRequests and it says it is not valid so CORS is not set up or recognized properly.
http://client.cors-api.appspot.com/client/
A possible lead is what is suggested in Amazon S3 documentation here,
http://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketGETcors.html
that says we need to set the "s3:GetCORSConfiguration" permission, which I did via a line like...
"Action": ["s3:GetObject", "s3:GetCORSConfiguration"],
in the "edit bucket policy" section from the AWS control panel but it gives an error and cannot save because it doesn't recognize this action?
A potentially similar post on stackexchange here,
HTTP GET to amazon aws from jquery or XMLHttpRequest fails with Origin is not allowed by Access-Control-Allow-Origin
seems to suggest that if I have a website hosted on S3 that it can not configure it to make XMLHttpRequests that are GET to a 3rd party resource?
I feel like I'm going in circles...anyone out there have any leads/advice? Thanks.
796
You have to expose the access control headers. Try this:
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<ExposeHeader>Access-Control-Allow-Origin</ExposeHeader>
<ExposeHeader>Access-Control-Allow-Methods</ExposeHeader>
</CORSRule>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
