
AWS S3 - CORS OPTIONS Preflight throwing 400 Bad Request during DELETE w/ VersionId

I am attempting a deleteObject request for a delete marker using the Key of the object and the VersionID of the delete marker.

Because of CORS, the browser (Chrome 34.0.1847.11) sends an OPTIONS preflight request to: http://bucket.s3-us-west-2.amazonaws.com/Folder/File.ext?versionId=0123456789

Amazon S3 responds with 400 (Bad Request) with the following XML body:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>InvalidArgument</Code>
    <Message>This operation does not accept a version-id.</Message>
    <ArgumentValue>0123456789</ArgumentValue>
    <ArgumentName>versionId</ArgumentName>
    <RequestId>12345</RequestId>
    <HostId>1122334455</HostId>
</Error>

Because the XMLHttpRequest returns 400 (Bad Request), the DELETE request never gets executed. I am under the impression that AWS isn't handling the options request correctly. If there is a workaround, that would be great!

My current CORS policy on the bucket is:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>HEAD</AllowedMethod>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>PUT</AllowedMethod>
        <AllowedMethod>POST</AllowedMethod>
        <AllowedMethod>DELETE</AllowedMethod>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

FYI: I am using the AWS SDK for JS 2.0.0-rc10

Thank you in advance.

EDIT 1: I tried adding <AllowedMethod>OPTIONS</AllowedMethod> but Amazon returns: "Found unsupported HTTP method in CORS config. Unsupported method is OPTIONS"

EDIT 2:

OPTIONS request/response headers:

Remote Address: *********:443
Request URL: https://bucket.s3-us-west-2.amazonaws.com/path/to/file_name?versionId=0123456789
Request Method: OPTIONS
Status Code: 400 Bad Request

Request Headers
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Request-Method: DELETE
Cache-Control: no-cache
Connection: keep-alive
DNT: 1
Host: bucket.s3-us-west-2.amazonaws.com
Origin: https://website.com
Pragma: no-cache
Referer: https://website.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.60 Safari/537.36
Query String Parameters
versionId: 0123456789

Response Headers
Access-Control-Allow-Headers: x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type
Access-Control-Allow-Methods: HEAD, GET, PUT, POST, DELETE
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml
Date: Tue, 18 Mar 2014 23:59:15 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: *************************
x-amz-request-id: ***********

The delete request doesn't ever actually happen because the OPTIONS fails.

ThievingSix asked Mar 05 '14 00:03


People also ask

How do you resolve CORS issue in S3 bucket?

Verify that the request has the Origin header. If the header is missing, Amazon S3 doesn't treat the request as a cross-origin request, and doesn't send CORS response headers in the response. Verify that the Origin header in your request matches at least one of the AllowedOrigin elements in the specified CORSRule.

How do I enable CORS in AWS S3?

Configuring CORS for an Amazon S3 bucket: In the Amazon S3 console, choose the bucket you want to edit. Select the Permissions tab, and scroll down to the Cross-origin resource sharing (CORS) panel. Choose Edit, and type your CORS configuration in the CORS Configuration Editor, then choose Save.

How does Amazon S3 evaluate the CORS configuration on a bucket?

When Amazon S3 receives a preflight request from a browser, it evaluates the CORS configuration for the bucket and uses the first CORSRule rule that matches the incoming browser request to enable a cross-origin request.


1 Answer

I just ran into this problem. It only occurs on Chrome. It was pretty awesome.

The solution is to add the following to your relevant <CORSRule> configuration in AWS:

<AllowedHeader>*</AllowedHeader>

That makes Chrome NOT send the OPTIONS request, and everything should work properly.

tmont answered Oct 07 '22 05:10
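
The first-match CORSRule evaluation described above, run against the question's CORSRule and the preflight headers from EDIT 2, as an added example that is not part of the original thread and is not AWS code. It is a simplified model of the matching conditions in the S3 documentation (origin, requested method, every requested header); `wildcardMatch`, `firstMatchingRule` and the object field names are hypothetical.

```javascript
// Simplified model of S3 CORS rule matching (added example, not AWS code).
// A pattern may contain one "*" wildcard, as in AllowedOrigin / AllowedHeader.
function wildcardMatch(pattern, value, ignoreCase) {
  if (typeof value !== 'string') return false; // e.g. request without Origin
  if (ignoreCase) { pattern = pattern.toLowerCase(); value = value.toLowerCase(); }
  const star = pattern.indexOf('*');
  if (star === -1) return pattern === value;
  const prefix = pattern.slice(0, star);
  const suffix = pattern.slice(star + 1);
  return value.length >= prefix.length + suffix.length &&
         value.startsWith(prefix) && value.endsWith(suffix);
}

// Returns the first rule that matches the preflight, or null if none does.
function firstMatchingRule(rules, preflight) {
  const requested = (preflight['Access-Control-Request-Headers'] || '')
    .split(',').map(h => h.trim()).filter(Boolean);
  for (const rule of rules) {
    const originOk = rule.allowedOrigins.some(o => wildcardMatch(o, preflight.Origin, false));
    const methodOk = rule.allowedMethods.includes(preflight['Access-Control-Request-Method']);
    // Every requested header must match some AllowedHeader (case-insensitive).
    const headersOk = requested.every(h =>
      (rule.allowedHeaders || []).some(p => wildcardMatch(p, h, true)));
    if (originOk && methodOk && headersOk) return rule;
  }
  return null;
}

// The CORSRule from the question, transcribed as a plain object.
const questionRule = {
  allowedOrigins: ['*'],
  allowedMethods: ['HEAD', 'GET', 'PUT', 'POST', 'DELETE'],
  allowedHeaders: ['*'],
};
// Constructed variant: the same rule with the AllowedHeader element left out.
const noHeaderRule = { ...questionRule, allowedHeaders: [] };

// Preflight headers copied from EDIT 2 of the question.
const preflight = {
  Origin: 'https://website.com',
  'Access-Control-Request-Method': 'DELETE',
  'Access-Control-Request-Headers':
    'x-amz-user-agent, x-amz-security-token, x-amz-date, authorization, content-type',
};

console.log('question rule matches:', firstMatchingRule([questionRule], preflight) !== null);
console.log('rule without AllowedHeader matches:', firstMatchingRule([noHeaderRule], preflight) !== null);
```

The question's rule matches this preflight, which agrees with the Access-Control-Allow-* headers present in the 400 response shown in EDIT 2. The variant without an AllowedHeader element matches nothing, because the preflight lists request headers that no rule allows.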