- Newest
- Most votes
- Most comments
Oops, I think I had this figurated wrong.
I was thinking the CORS request needed to be with the source of the static content... s3, but the ""Access-Control-Allow-Private-Network": true" needs to be sent from the esp32. Doh!
hey,
the error is due to allowed origins
, so you have enter your origin there or for testing purposes you can have *
to allow all the origins. Note: you shouldn't have allowed origins:*
in production.
Please check the CORS configuration to allow the origins here https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html
Let me know if you have any questions
This looks like the issue to me
Access to resource at 'http://192.168.1.90/events' from origin 'http://espels.s3.us-west-2.amazonaws.com'
Seems your page may have an iframe or some reference to a site on a private IP address via HTTP (192.168.1.90) and the browser is blocking this..
What is Private Network Access (PNA)
Private Network Access (formerly known as CORS-RFC1918) restricts the ability of websites to send requests to servers on private networks.
Chrome has already implemented part of the specification: as of Chrome 96, only secure contexts are allowed to make private network requests.
The specification also extends the Cross-Origin Resource Sharing (CORS) protocol so that websites must now explicitly request a grant from servers on private networks before being allowed to send arbitrary requests.
Key term: Private network requests are requests whose target server's IP address is more private than that from which the request initiator was fetched. For example, a request from a public website (https://example.com) to a private website (http://router.local), or a request from a private website to localhost.
yes, I want to access SSE (server sent events) on a esp32 "server" in my private network via insecure http. Chrome requires a preflight response for "Access-Control-Allow-Private-Network": true, but I don't know how to set that in my CORS configuration. Again, what is very odd is that websockets work fine and i get no CORS errors when using them with this setup.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated a year ago
I have allowed origins, here is my cors config