Cannot include localhost in cloudfront CORS policy

Question

Hi all,

I want to include a CORS policy in Cloudfront, but the UI will not allow me to add https://localhost.  I get the following error:
"The parameter Access-Control-Allow-Origin contains https://localhost which is not a valid URL."

I can set this in other CORS policies (such as S3) so think this should be allowed.

Does anyone know if this is considered a bug? Is there a workaround?

Many thanks

Answer

Hi there,

Thank you for reporting this behavior when attempting to add "https://localhost" to the "Access-Control-Allow-Origin" section of a Response Header Policy. I have communicated this behavior to the CloudFront service team and they are investigating it further.

There are a few possible workarounds. If you can customize the response from your origin, you can configure CloudFront to forward the "Origin" header in the origin request and have your origin return this header in its response with the desired "https://localhost" value. As noted, S3 can be configured to return this value in its CORS configuration if you're using S3 as your origin.

Another approach is utilizing CloudFront Functions to add the "Access-Control-Allow-Origin: https://localhost" header to the response. An example function that can be adapted to accomplish this can be found here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-add-cors-header-response.html

Cannot include localhost in cloudfront CORS policy

関連するコンテンツ