AWS CloudFront CORS Support

1
votes

I am trying to build an app where users upload content on their browsers to an S3 bucket through CloudFront. I have enabled CORS on the S3 bucket and ensured that the AllowedOrigin is set to *. I can successfully push content from a browser to the S3 bucket directly so I know that CORS on S3 is configured correctly. Now, I am trying to do the same with browser -> CloudFront -> S3. CloudFront always rejects the pre-flight OPTIONS method request with a 403 forbidden response.

I have the following options enabled on CloudFront:

  • Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
  • Whitelist Headers: Access-Control-Request-Headers,
  • Access-Control-Request-Method, Origin OPTIONS requests are disabled from the "Cached HTTP Methods"

CloudFront apparently now supports CORS but has anyone got it working for an HTTP method OPTIONS request? I tried asking this on the AWS forums but no responses.

2
amazon-web-servicesamazon-s3corsamazon-cloudfront

2 Answers

0
votes

Have your try adding a CNAME alias for your cloudfront domain ??

After setting up the CNAME alias, you can set the cookies on the base domain, then you will be able to pass your cookie.

Let's put more detail to it in case people want to know what would be the next step is, let's use the following example :-

  1. You are developing on my.fancy.site.mydomain.com
  2. Your Cloudfront CNAME alias is content.mydomain.com
  3. Make sure you set your cloudfront signed cookies to .mydomain.com from your fancy app
  4. From this point on, you are able to pass the cookie for the CF.
  5. One quick way to test if your cookie is set appropriately, try to get your assets URL, and put the url in the browser directly. If the cookie set correctly, you will be able to access the file directly.

If you are using javascript to get the cdn assets, make sure in your JS code, you need to pass withCredentials option, or it won't work. For example, if you are using jQuery, you will need something like the following :-

$.ajax({
   url: a_cross_domain_url,
   xhrFields: {
       withCredentials: true
   }
});

And if the request is successful, you should get a response header from CloudFront with "Access-Control-blah-blah".

Hope it helps people if they search this answer.

0
votes

I found a very similar issue. The CloudFront distribution was not sending the header information to S3. You can test this easily via:

curl -i -H "Origin: http://YOUR-SITE-URL" http://S3-or-CLOUDFRONT-URL | grep Access

If you have the same problem, you can see my solution here:

AWS S3 + CloudFront gives CORS errors when serving images from browser cache