Does CloudFront remove response headers?

0

I have a file in an S3 bucket and I serve that S3 bucket behind CloudFront. I have put the CORS rules into S3 to:

[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 0
    }
]

After creating an invalidation, everything works. It returns the Accept-Control-Allow-Origin, Accept-Control-Allow-Methods, Accept-Control-Allow-Age. However, the strange part is that after a couple of days it stopped returning those headers, and I have to create an invalidation, then those headers will come back. I am not sure what triggers this, maybe days, or something, I'm not sure.

So, does CloudFront remove response headers for some reason?

Asked a year ago, 904 views
1 Answer
1
Accepted Answer

It sounds like CloudFront's caching feature might be messing with your headers a bit. When CloudFront caches an object from your S3 bucket, it doesn't always grab the headers that your bucket provides. So, those CORS headers might be getting left out. When you go through the process of invalidation, you're basically giving CloudFront a nudge and saying "Hey, ditch your cached version and grab a fresh copy from the S3 bucket." And when it does, it pulls in all the up-to-date headers and serves them up.

You may want to try adjusting your CloudFront caching settings to either reduce the TTL value or use origin cache headers, so that the CORS headers from S3 are respected and included with responses more consistently.

Also using "*" as the AllowedOrigin can introduce security risks. You may want to consider narrowing this down to specific origins that need access.

Update: CachingOptimized policy might have an impact on your headers and caching behavior. Test moving away from the "CachingOptimized" policy and use the "Use Origin Cache Headers" option.

If this helped please remember to mark the answer as accepted!

AWS
Answered a year ago
Expert
Reviewed 4 months ago
  • Thank you for the answer, but I think I forgot to mention that I am also using the CachingOptimized policy (658327ea-f89d-4fab-a63d-7e88639e58f6), do you think it has something to do with it?

  • CachingOptimized policy might have an impact on your headers and caching behavior. Test moving away from the "CachingOptimized" policy and use the "Use Origin Cache Headers" option.

  • Setting the cache to use the "Use Origin Cache Headers" option now throws a 403 error that the signature is invalid.
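
A way to check whether the response that lacks CORS headers is actually coming from the CloudFront cache, as the answer suggests. This is an added example, not code from the thread or from AWS: it classifies a response header block using CloudFront's `X-Cache` and `Age` headers. The three header blocks and the `app.example.com` origin are constructed samples, and the finding names are made up for this example.

```python
# Constructed samples of `curl -sI -H "Origin: https://app.example.com" <url>` output.
FRESH = """HTTP/2 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-methods: GET
x-cache: Miss from cloudfront
"""
STALE = """HTTP/2 200
content-type: image/png
age: 86400
x-cache: Hit from cloudfront
"""
NARROWED = """HTTP/2 200
access-control-allow-origin: https://app.example.com
x-cache: Miss from cloudfront
"""


def parse_headers(raw):
    """Split a raw response header block into (status, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def diagnose(raw):
    """Report whether a response was a cache hit and what is off with its CORS headers."""
    status, h = parse_headers(raw)
    # CloudFront reports "Hit from cloudfront" / "RefreshHit from cloudfront" for cached objects.
    from_cache = h.get("x-cache", "").lower().startswith(("hit", "refreshhit"))
    acao = h.get("access-control-allow-origin")
    vary = [t.strip().lower() for t in h.get("vary", "").split(",")]
    findings = []
    if acao is None:
        findings.append("cached-without-cors" if from_cache else "origin-sent-no-cors")
    elif acao == "*":
        findings.append("wildcard-origin")
    elif "origin" not in vary:
        # A per-origin value is only safe to cache when the response varies on Origin.
        findings.append("missing-vary-origin")
    return {"status": status, "from_cache": from_cache,
            "age": int(h.get("age", 0)), "findings": findings}


if __name__ == "__main__":
    for name, raw in (("fresh", FRESH), ("stale", STALE), ("narrowed", NARROWED)):
        print(name, diagnose(raw))
```

A `cached-without-cors` finding with a large `age` points at a cached copy rather than at the S3 CORS rules; `origin-sent-no-cors` points back at the origin or at what is forwarded to it.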
