S3 CORS Server Sent Events http

0

How do I set "Access-Control-Allow-Private-Network": true?

Background: I have an esp32 that I do not want to run SSL on due to overhead. I have a static React app that uses SSE to get updates from the esp32. I want to host the static bundled React app on S3. This doesn't work because I can't connect to SSE. Oddly, websockets are allowed and work fine.

The error in the Chrome console is:

    index_test.html:1 Access to resource at 'http://192.168.1.90/events' from origin 'http://espels.s3.us-west-2.amazonaws.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
    index_test.html:8 GET http://192.168.1.90/events net::ERR_FAILED

I've tried to add "Access-Control-Allow-Private-Network": true to the CORS configuration of the s3 bucket but it isn't allowed.

asked 4 months ago · 306 views
3 Answers
0
Accepted Answer

Oops, I think I had this figured wrong.

I was thinking the CORS request needed to be with the source of the static content... s3, but the "Access-Control-Allow-Private-Network": true needs to be sent from the esp32. Doh!

answered 4 months ago
EXPERT
reviewed 2 months ago
0

Hey,

the error is due to allowed origins, so you have to enter your origin there, or for testing purposes you can have * to allow all the origins. Note: you shouldn't have allowed origins:* in production.

Please check the CORS configuration to allow the origins here https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html

Let me know if you have any questions.

answered 4 months ago
  • I have allowed origins; here is my CORS config:

    
    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "POST",
                "PUT",
                "HEAD"
            ],
            "AllowedOrigins": [
                "*",
                "http://espels.s3-us-west-2.amazonaws.com",
                "https://espels.s3-us-west-2.amazonaws.com"
            ],
            "ExposeHeaders": [
                "ETag",
                "Accept-Ranges",
                "Content-Encoding",
                "Content-Length ",
                "Content-Range",
                "Access-Control-Allow-Private-Network"
            ],
            "MaxAgeSeconds": 3000
        }
    ]
    
0

This looks like the issue to me

Access to resource at 'http://192.168.1.90/events' from origin 'http://espels.s3.us-west-2.amazonaws.com'

Seems your page may have an iframe or some reference to a site on a private IP address via HTTP (192.168.1.90) and the browser is blocking this.

What is Private Network Access (PNA)

Private Network Access (formerly known as CORS-RFC1918) restricts the ability of websites to send requests to servers on private networks.

Chrome has already implemented part of the specification: as of Chrome 96, only secure contexts are allowed to make private network requests.

The specification also extends the Cross-Origin Resource Sharing (CORS) protocol so that websites must now explicitly request a grant from servers on private networks before being allowed to send arbitrary requests.

Key term: Private network requests are requests whose target server's IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (http://router.local), or a request from a private website to localhost.

EXPERT
answered 4 months ago
  • Yes, I want to access SSE (server sent events) on an esp32 "server" in my private network via insecure http. Chrome requires a preflight response for "Access-Control-Allow-Private-Network": true, but I don't know how to set that in my CORS configuration. Again, what is very odd is that websockets work fine and I get no CORS errors when using them with this setup.
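
The preflight grant that the accepted answer and the Private Network Access explanation above refer to, as an added example (not code from the thread or from any ESP32 library): a framework-independent C helper that device firmware could call to answer the browser's preflight, granting `Access-Control-Allow-Private-Network: true` only to an allow-listed origin. The `struct preflight` type, the function names and the allow-list are assumptions for illustration; the origin is the one quoted in the Chrome error.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: only the origin quoted in the Chrome error on this page is allowed. */
static const char *ALLOWED_ORIGINS[] = { "http://espels.s3.us-west-2.amazonaws.com" };

/* Headers of an OPTIONS preflight as parsed by the firmware; NULL if absent. */
struct preflight {
    const char *origin;
    const char *request_method;          /* Access-Control-Request-Method */
    const char *request_private_network; /* Access-Control-Request-Private-Network */
};

static int origin_allowed(const char *origin) {
    if (!origin) return 0;
    for (size_t i = 0; i < sizeof ALLOWED_ORIGINS / sizeof *ALLOWED_ORIGINS; i++)
        if (strcmp(origin, ALLOWED_ORIGINS[i]) == 0) return 1; /* exact match only */
    return 0;
}

/* Fills `out` with header lines; returns 204 (grant), 403 (refuse) or 500 (buffer too small). */
int build_preflight_response(const struct preflight *req, char *out, size_t cap) {
    if (cap == 0) return 500;
    out[0] = '\0';
    if (!origin_allowed(req->origin) || !req->request_method ||
        strcmp(req->request_method, "GET") != 0)
        return 403; /* SSE is a GET; nothing else is granted */
    /* Echo the matched origin instead of "*" so the grant stays scoped. */
    int n = snprintf(out, cap,
                     "Access-Control-Allow-Origin: %s\r\n"
                     "Access-Control-Allow-Methods: GET\r\n"
                     "Vary: Origin\r\n", req->origin);
    if (n < 0 || (size_t)n >= cap) { out[0] = '\0'; return 500; }
    /* Answer the Private Network Access question only when the browser asked it. */
    if (req->request_private_network &&
        strcmp(req->request_private_network, "true") == 0) {
        int m = snprintf(out + n, cap - (size_t)n,
                         "Access-Control-Allow-Private-Network: true\r\n");
        if (m < 0 || (size_t)m >= cap - (size_t)n) { out[0] = '\0'; return 500; }
    }
    return 204;
}

int main(void) { /* constructed preflight using the page's origin */
    char buf[256];
    struct preflight req = { ALLOWED_ORIGINS[0], "GET", "true" };
    int status = build_preflight_response(&req, buf, sizeof buf);
    printf("status=%d\n%s", status, buf);
    return 0;
}
```

This covers only the preflight grant sent by the device. The error quoted in the question also names the secure-context check, which the Private Network Access explanation above describes as a separate restriction.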
