Menu
My application stores images on S3 and then proxies them through Cloudfront. I'm excited to use the new S3 CORS support so that I can use HTML5 canvas methods (which have a cross-origin policy) but can't seem to configure my S3 and Cloudfront correctly. Still running into "Uncaught Error: SECURITY_ERR: DOM Exception 18" when I try to convert an image to a canvas element.
Here's what I have so far:
S3
<CORSConfiguration> <CORSRule> <AllowedOrigin>MY_WEBSITE_URL</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <MaxAgeSeconds>3000</MaxAgeSeconds> <AllowedHeader>*</AllowedHeader> </CORSRule> <CORSRule> <AllowedOrigin>MY_CLOUDFRONT_URL</AllowedOrigin> <AllowedMethod>GET</AllowedMethod> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration> Cloudfront
Origins
Origin Protocol Policy: Match Viewer HTTP Port: 80 HTTPS Port: 443 Behaviors
Origin: MY_WEBSITE_URL Object Caching: Use Origin Cache Headers Forward Cookies: None Forward Query Strings: Yes Is there something I'm missing here?
UPDATE : Just tried changing the headers to
<AllowedHeader>Content-*</AllowedHeader> <AllowedHeader>Host</AllowedHeader> based on this question Amazon S3 CORS (Cross-Origin Resource Sharing) and Firefox cross-domain font loading
Still no go.
UPDATE: MORE INFO ON REQUEST
Request URL:https://d1r5nr1emc2xy5.cloudfront.net/uploaded/BAhbBlsHOgZmSSImMjAxMi8wOS8xMC8xOC81NC80Mi85NC9ncmFzczMuanBnBjoGRVQ/32c0cee8 Request Method:GET Status Code:200 OK (from cache) UPDATE
I think maybe my request wasn't correct, so I tried enabling CORS with
img.crossOrigin = ''; but then the image doesn't load and I get the error: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
782
Step 1: enable CORS on your S3 bucketGo to your S3 bucket in the AWS (Amazon Web Services) console and select it. Click the Properties tab then open the Permissions area. You should see a button labelled 'Edit CORS Configuration' or something similar. Click it.
For enabling CORS we need to configure Cloudfront to allow forwarding of required headers. We can configure the behavior of Cloudfront by clicking on Cloudfront Distribution's "Distribution Settings". Then from the "Behaviour" tab click on "Edit". Here we need to whitelist the headers that need to be forwarded.
Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.
On June 26, 2014 AWS released proper Vary: Origin behavior on CloudFront so now you just
Set a CORS Configuration for your S3 bucket including
<AllowedOrigin>*</AllowedOrigin>
In CloudFront -> Distribution -> Behaviors for this origin
Origin header.Wait for ~20 minutes while CloudFront propagates the new rule
Now your CloudFront distribution should cache different responses (with proper CORS headers) for different client Origin headers.
190
To complement @Brett's answer. There are AWS documentation pages detailing CORS on CloudFront and CORS on S3.
The steps detailed there are as follows:
<AllowedOrigin> rule is the important one. Save the configuration. 
OPTIONS responses cached or not, there are two ways according to AWS:
- If you want OPTIONS responses to be cached, do the following:
- Choose the options for default cache behavior settings that enable caching for OPTIONS responses.
- Configure CloudFront to forward the following headers: Origin, Access-Control-Request-Headers, and Access-Control-Request-Method.
- If you don't want OPTIONS responses to be cached, configure CloudFront to forward the Origin header, together with any other headers required by your origin
And with that CORS from CloudFront with S3 should work.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
