I create a new S3 bucket with default settings and add this CORS policy:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
I then use this script to test a preflight request:
curl -X OPTIONS -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: GET" \
-I "https://<bucketname>.s3.amazonaws.com/test.mp4"`
- If the new bucket is in us-east-1 region, this request returns 200.
- If the new bucket is in any other region, it returns 500.
- Same CORS policy in an older bucket -> returns 200 correctly for all regions.
- If CORS policy is removed -> returns 403 correctly for all regions.
To sum up my confusion:
- I feel like 500 for this request is quite unexpected.
- It is weird to get different results for different regions for a "region-agnostic" request/policy.
- I have no idea how to get logs for this error in the backend.
Ok I solved this myself.
I didn't realize the S3 urls have a region part.
https://<bucketname>.s3.amazonaws.com/test.mp4
This defaults to us-east-1
https://<bucketname>.s3.<region>.amazonaws.com/test.mp4
This works better