Does CloudFront remove response headers?

0

I have a file in an S3 bucket and I serve that S3 bucket behind CloudFront. I have put the CORS rules into S3 to

[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 0
    }
]

After creating an invalidation, everything works. It returns the Accept-Control-Allow-Origin, Accept-Control-Allow-Methods, Accept-Control-Allow-Age. However, the strange part is that after a couple of days it stopped returning those headers, and I have to create an invalidation, then those headers will come back. I am not sure what triggers this, maybe days, or something, I'm not sure.

So, does CloudFront remove response headers for some reason?

Asked 1 year ago · Viewed 904 times
1 Answer
1
Accepted Answer

It sounds like CloudFront's caching feature might be messing with your headers a bit. When CloudFront caches an object from your S3 bucket, it doesn't always grab the headers that your bucket provides. So, those CORS headers might be getting left out. When you go through the process of invalidation, you're basically giving CloudFront a nudge and saying "Hey, ditch your cached version and grab a fresh copy from the S3 bucket." And when it does, it pulls in all the up-to-date headers and serves them up.

You may want to try adjusting your CloudFront caching settings to either reduce the TTL value or use origin cache headers, so that the CORS headers from S3 are respected and included with responses more consistently.

Also, using "*" as the AllowedOrigin can introduce security risks. You may want to consider narrowing this down to specific origins that need access.

Update: CachingOptimized policy might have an impact on your headers and caching behavior. Test moving away from the "CachingOptimized" policy and use the "Use Origin Cache Headers" option.

If this helped please remember to mark the answer as accepted!

AWS
Answered 1 year ago
Expert
Reviewed 4 months ago
  • Thank you for the answer, but I think I forgot to mention that I am also using the CachingOptimized policy (658327ea-f89d-4fab-a63d-7e88639e58f6), do you think it has something to do with it?

  • CachingOptimized policy might have an impact on your headers and caching behavior. Test moving away from the "CachingOptimized" policy and use the "Use Origin Cache Headers" option.

  • Setting the cache to use the "Use Origin Cache Headers" option now throws a 403 error that the signature is invalid
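
An added example, not part of the original thread or AWS code: a small model of one way cached responses can lose their CORS headers until the next invalidation. It assumes the Origin request header reaches S3 but is not part of the cache key, and relies on S3 emitting CORS headers only when a request carries an Origin header; all names and sample requests are hypothetical.

```python
# Added illustration: minimal model of an edge cache in front of an S3-like origin.
# Class/function names are hypothetical; the sample requests are constructed.

def s3_origin(request_headers):
    """S3-like origin: adds CORS headers only if the request has an Origin header."""
    headers = {"Content-Type": "text/plain"}
    if "Origin" in request_headers:  # rule from the question: AllowedOrigins ["*"], GET
        headers["Access-Control-Allow-Origin"] = "*"
        headers["Access-Control-Allow-Methods"] = "GET"
    return headers


class EdgeCache:
    def __init__(self, key_headers=()):
        # Request headers that take part in the cache key (assumed empty by default).
        self.key_headers = tuple(key_headers)
        self.store = {}

    def _key(self, path, request_headers):
        return (path,) + tuple(request_headers.get(h) for h in self.key_headers)

    def get(self, path, request_headers):
        key = self._key(path, request_headers)
        if key not in self.store:
            # Miss: whatever headers the origin sent for THIS request get cached.
            self.store[key] = s3_origin(request_headers)
        return self.store[key]

    def invalidate(self):
        # Stands in for both an explicit invalidation and a TTL expiry.
        self.store.clear()


def replay(cache, requests):
    """For each request, report whether the response had Access-Control-Allow-Origin."""
    return ["Access-Control-Allow-Origin" in cache.get("/file.txt", r) for r in requests]


BROWSER = {"Origin": "https://app.example"}  # constructed cross-origin browser fetch
PLAIN = {}                                   # constructed request without Origin

if __name__ == "__main__":
    cache = EdgeCache()
    print(replay(cache, [BROWSER, PLAIN]))   # first request after a refresh had Origin
    cache.invalidate()
    print(replay(cache, [PLAIN, BROWSER]))   # first request after a refresh had none
```

In this model, constructing the cache with `key_headers=["Origin"]` makes the result independent of which request arrives first after a refresh.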
