S3 Bucket not setting "access-control-allow-origin" header.

Hi, I set up my bucket CORS policy as follows:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "Access-Control-Allow-Origin"
        ]
    }
]

But when I check which headers are set on the image served from the bucket, I can see that it is missing. Below are the only headers I can see set on the object. I do not use CloudFront.

accept-ranges: bytes
content-length: 66314
content-type: image/png
date: Thu, 15 Aug 2024 06:48:54 GMT
etag: "26b4fa32a20b0425c6c47688b917b5bd"
last-modified: Wed, 20 Mar 2024 23:35:58 GMT
server: AmazonS3
x-amz-id-2: yKXSiiohdEUHbeDkOjIcd6xSdH/wS5zju6cwLepX7D1dlGykl+3k0kZ3y8IL594nyGaNBH3daVA=
x-amz-request-id: HYGVXWA1X4KSHHJG
x-amz-server-side-encryption: AES256
x-amz-version-id: uDbtLJyP6EOSpIlkHWTpfuTZBk.FbzBr

For completeness, this is the bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::***"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        },
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}

Any idea what might be the issue?

asked a year ago, 399 views
1 Answer
Accepted Answer

Hello.

Have you tried accessing from the origin as described in the documentation below?
If you are using the "curl" command, try accessing by setting the origin domain in the header with the "-H" option.
https://repost.aws/knowledge-center/s3-configure-cors

curl -i http://mycorsbucket.s3.amazonaws.com/index.html -H "Origin: http://www.example.com"
answered a year ago
  • I tried the following in my environment, but I could not confirm CORS in the response unless the header was set.

    curl -i http://example.s3.amazonaws.com/index.html
    HTTP/1.1 200 OK
    x-amz-id-2: REGj8u2HfVMgxTsak2buUwZ+qeQwvEe+5NcDN7nRbTglDtSWg/gqoT5ZDHfKUOHHUHXI6P1/lZA=
    x-amz-request-id: 3R0T6WPD46CVBQV3
    Date: Thu, 15 Aug 2024 07:08:33 GMT
    Last-Modified: Fri, 19 Jul 2024 09:27:30 GMT
    ETag: "6f0da46a3b8f0574b1bdc903021d3b00"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: _B4LmbGf2NR13E5P_I4A.3Ql8LYjvYqk
    Accept-Ranges: bytes
    Content-Type: text/html
    Server: AmazonS3
    Content-Length: 158
    
    curl -i http://example.s3.amazonaws.com/index.html -H "Origin: http://www.example.com"
    HTTP/1.1 200 OK
    x-amz-id-2: PrbL728Nj53lvsiggJemO9RW76rcINLTOSxet6UbfyGzBWBF7AH0fCPDmcWBoCrb3ExizDlYkhk=
    x-amz-request-id: 6JMSY7KP3Y74ZS2N
    Date: Thu, 15 Aug 2024 07:08:46 GMT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, HEAD
    Access-Control-Expose-Headers: Access-Control-Allow-Origin
    Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    Last-Modified: Fri, 19 Jul 2024 09:27:30 GMT
    ETag: "6f0da46a3b8f0574b1bdc903021d3b00"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: _B4LmbGf2NR13E5P_I4A.3Ql8LYjvYqk
    Accept-Ranges: bytes
    Content-Type: text/html
    Server: AmazonS3
    Content-Length: 158
    
  • Thank you, that did it. It does not explain why some of my images are refused to be served from a different domain (maybe a caching issue?), but that is a question for another thread ;) Thank you for your answer.
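
The behaviour seen in the two curl runs above, as an added example that is not part of the original thread and not AWS code: a simplified Python model of how the question's CORS rule is applied to a simple GET/HEAD request. The function names and the matching logic are assumptions based on the documented S3 rules (the `Origin` header must match an `AllowedOrigins` entry and the method must be in `AllowedMethods`); preflight requests and `AllowedHeaders` checks are left out.

```python
# Simplified model of how S3 applies bucket CORS rules to a simple
# (non-preflight) request. Added illustration, not AWS's implementation.
# The CORS configuration posted in the question.
CORS_RULES = [{
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "HEAD"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": ["Access-Control-Allow-Origin"],
}]


def origin_matches(pattern, origin):
    """Match one AllowedOrigins entry (at most one '*' wildcard)."""
    if "*" not in pattern:
        return pattern == origin
    prefix, suffix = pattern.split("*", 1)
    return (len(origin) >= len(prefix) + len(suffix)
            and origin.startswith(prefix) and origin.endswith(suffix))


def cors_response_headers(rules, method, request_headers):
    """Return the CORS headers the model adds to a response (maybe none)."""
    # Header names are case-insensitive, so normalise before the lookup.
    origin = {k.lower(): v for k, v in request_headers.items()}.get("origin")
    if origin is None:
        return {}  # no Origin header: rules are never evaluated
    for rule in rules:  # first matching rule wins
        if method not in rule["AllowedMethods"]:
            continue
        for pattern in rule["AllowedOrigins"]:
            if not origin_matches(pattern, origin):
                continue
            headers = {
                # A bare "*" entry answers "*"; otherwise the origin is echoed.
                "Access-Control-Allow-Origin": "*" if pattern == "*" else origin,
                "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
                "Vary": "Origin, Access-Control-Request-Headers, "
                        "Access-Control-Request-Method",
            }
            if rule.get("ExposeHeaders"):
                headers["Access-Control-Expose-Headers"] = ", ".join(
                    rule["ExposeHeaders"])
            return headers
    return {}  # Origin sent, but no rule allows this origin/method pair


if __name__ == "__main__":
    for hdrs in ({}, {"Origin": "http://www.example.com"}):
        print(cors_response_headers(CORS_RULES, "GET", hdrs))
```

Inspecting an object's headers with a tool that sends no `Origin` header therefore says nothing about whether the CORS configuration is working.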
