Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

S3 - Access-Control-Allow-Origin Header

Tags:

http-headers

cors

amazon-web-services

amazon-s3

Usually, all you need to do is to "Add CORS Configuration" in your bucket properties.

amazon-screen-shot

The <CORSConfiguration> comes with some default values. That's all I needed to solve your problem. Just click "Save" and try again to see if it worked. If it doesn't, you could also try the code below (from alxrb answer) which seems to have worked for most of the people.

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

For further info, you can read this article on Editing Bucket Permission.


S3 now expects the rules to be in Array Json format.

You can find this in s3 bucket -> Permissions then -> scroll below -> () Cross-origin resource sharing (CORS)

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

I was having a similar problem with loading web fonts, when I clicked on 'add CORS configuration', in the bucket properties, this code was already there: 

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedMethod>HEAD</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

I just clicked save and it worked a treat, my custom web fonts were loading in IE & Firefox. I'm no expert on this, I just thought this might help you out.


If your request doesn't specify an Origin header, S3 won't include the CORS headers in the response. This really threw me because I kept trying to curl the files to test the CORS but curl doesn't include Origin.

Related questions

Amazon S3 - HTTPS/SSL - Is it possible? [closed]
How do you search an amazon s3 bucket?
AccessDenied for ListObjects for S3 bucket when permissions are s3:*
DynamoDB vs MongoDB NoSQL [closed]
S3 Bucket action doesn't apply to any resources
How to choose an AWS profile when using boto3 to connect to CloudFront
Why should I use Amazon Kinesis and not SNS-SQS?
How to rename AWS S3 Bucket name
AWS Error Message: A conflicting conditional operation is currently in progress against this resource
How can I tell how many objects I've stored in an S3 bucket?
How to load npm modules in AWS Lambda?
How to make all Objects in AWS S3 bucket public by default?
Amazon SimpleDB vs Amazon DynamoDB
WARNING: UNPROTECTED PRIVATE KEY FILE! when trying to SSH into Amazon EC2 Instance
How to test credentials for AWS Command Line Tools
boto3 client NoRegionError: You must specify a region error only sometimes
Can't push image to Amazon ECR - fails with "no basic auth credentials"
AWS VPC - Internet Gateway vs. NAT [closed]
AWS S3: The bucket you are attempting to access must be addressed using the specified endpoint
Download an already uploaded Lambda function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!