Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!
CORS error occurs when fetching specific m3u8 files uploaded to S3
In certain situations, it works fine, but after some time, a CORS error occurs. It’s hard to predict what causes the CORS error since some m3u8 files work and others don’t, even though they share the same policy. Does anyone have any insights on this?
- CORS NOT ERROR
- CORS ERROR
The S3 CORS policy is configured as follows:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"GET",
"HEAD"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
The CloudFront policy is configured as follows:
Let me know if you’d like to adjust anything further!
- Newest
- Most votes
- Most comments
The intermittent CORS errors you're experiencing with m3u8 files in S3 could be due to several factors, even with seemingly correct CORS and CloudFront configurations. Here are some potential causes and solutions to consider:
-
Object Ownership: Ensure that the Object Ownership setting for your S3 bucket is set to "Bucket owner enforced". If it's set to "Object writer", objects uploaded by cross-account users might not be accessible, leading to sporadic CORS errors.
-
CloudFront Configuration:
- Verify that your CloudFront distribution is configured to forward the Origin, Access-Control-Request-Headers, and Access-Control-Request-Method headers to the origin.
- Ensure that the OPTIONS HTTP method is allowed in your distribution's cache behavior.
- Check if your CloudFront policy is configured to return the required CORS headers.
- S3 CORS Configuration:
- Add the OPTIONS method to your AllowedMethods in the S3 CORS configuration. This is crucial for handling preflight requests.
- Consider adding specific ExposeHeaders if your application requires access to custom headers.
-
Caching Issues: The MaxAgeSeconds in your CORS configuration is set to 3000 seconds (50 minutes). This could cause outdated CORS configurations to be cached. Try reducing this value or clearing caches to see if it resolves the intermittent nature of the problem.
-
Request Headers: Ensure that your requests include the necessary Origin header. Without this, S3 won't treat the request as a cross-origin request and won't send CORS response headers.
-
File Permissions: Double-check that all the m3u8 files have the correct permissions set in S3, allowing the necessary access.
If the issue persists after checking these points, you may need to capture and analyze the complete requests and responses for both working and non-working scenarios to identify any subtle differences. Using browser developer tools or network monitoring software can help in this investigation.
Sources
Troubleshooting CORS - Amazon Simple Storage Service
'Network Error' uploading files with Amplify Storage | AWS re:Post
Why can't my S3 File Gateway access objects uploaded by cross-account users? | AWS re:Post
Configure CORS in Amazon S3 | AWS re:Post
Troubleshooting CORS issues - AWS Elemental MediaStore
In CORS configurations, the OPTIONS method is often not explicitly included in the AllowedMethods list.
Relevant content
- asked 2 years ago
- asked 2 years ago
AWS OFFICIALUpdated a year ago
Remember that SimpleCORS response header policy could be used during testing. As it opens cloudfront to potential cross origin attacks because it’s allow all origins. Define set of origins for production by using custom response header policy.