Heroku Amazon s3 images - 403 error sometimes?

4
votes

I have my server setup at Heroku and i've used Amazon s3 for image-storage (uploaded them with the carrierwave gem), but sometimes i get strange 403 errors:

"Failed to load resource: the server responded with a status of 403 (Forbidden)"

(See image below)

Image of my webpage with missing images

If i reload the page the images are shown again.

I've set up a CORSRule:

 <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <ExposeHeader>ETag</ExposeHeader>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>Accept-Ranges</ExposeHeader>
        <ExposeHeader>Content-Range</ExposeHeader>
        <ExposeHeader>Content-Encoding</ExposeHeader>
        <ExposeHeader>Content-Length</ExposeHeader>
        <AllowedHeader>Range</AllowedHeader>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
    </CORSConfiguration>

I'm not an expert with CORSRule and i tried a few, but i would be so happy if anyone could point me in the right direction.

--------------- Updated --------------

Here i have my Request General, Response Headers and Request Headers when i'm missing an image.

General

Request URL:https://exnerbilleder.s3.amazonaws.com/nye/uploads/image/image/215/thumb_5.jpg
Request Method:GET
Status Code:403 Forbidden
Remote Address:52.95.150.17:443
Referrer Policy:no-referrer-when-downgrade

Response Headers

Content-Type:application/xml
Date:Tue, 08 Aug 2017 15:49:49 GMT
Server:AmazonS3
Transfer-Encoding:chunked
x-amz-id-2:EG4D5X29x8eAuu+xD9PdG2MsdGYnWHnpkuOc87p1h7nbFgvk57S6Be631UwTdF9tHMauoAjf6j4=
x-amz-request-id:0C43705C41CD57C9

Request Headers

Accept:image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:da-DK,da;q=0.8,en-US;q=0.6,en;q=0.4
Connection:keep-alive
Host:exnerbilleder.s3.amazonaws.com
Referer:http://inger-exner.herokuapp.com/works/slotsgarden
User-Agent:Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Mobile Safari/537.36

Visit site

Maybe you will experience the problem if you visit the site

2
ruby-on-railsherokuamazon-s3http-status-code-403
More detail is needed. The request and response headers from the failed requests, in particular.Michael - sqlbot
Okay. Do you know where i can find them? Is it on the Amazon page?Peter Højlund Palluth
In the browser's developer tools. stackoverflow.com/a/4423097/1695906Michael - sqlbot
I have updated the answer. :)Peter Højlund Palluth
I wrote the Amazon support and they answered: The root cause of this issue was an error that caused a small number of the authenticating and authorizing service hosts to miss changes applied to your account. They pushed the subscription data updates to all the service hosts and that fixed the issue for me.Peter Højlund Palluth

2 Answers

1
votes

Looks like an Amazon issue. A tool such as New Relic or Skylight can help you debug this type of problem where different components lying on different service providers are involved.

1
votes

Try this: 

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>http://www.example.com</AllowedOrigin>
   <AllowedMethod>PUT</AllowedMethod>
   <AllowedMethod>POST</AllowedMethod>
   <AllowedMethod>DELETE</AllowedMethod>
   <AllowedHeader>*</AllowedHeader>
  <MaxAgeSeconds>3000</MaxAgeSeconds>
  <ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
  <ExposeHeader>x-amz-request-id</ExposeHeader>
  <ExposeHeader>x-amz-id-2</ExposeHeader>
 </CORSRule>
</CORSConfiguration>

You can refer to the two links below for help :

http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html#how-do-i-enable-cors

https://devcenter.heroku.com/articles/direct-to-s3-image-uploads-in-rails