Does cloudfront remove response headers?

Question

I have a file in s3 bucket and I serve that s3 bucket behind cloudfront. i have put the cors rules into s3 to 
```
[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 0
    }
]
```
After creating invalidation, everything works. It returns the Accept-Control-Allow-Origin, Accept-Control-Allow-Methods, Accept-Control-Allow-Age. however the strange part is after a couple of days, it stopped returning those headers, and. I have to create an invalidation then those headers will come back. I am not sure what triggers this, maybe days, or something im not sure.

so, does cloudfront remove response headers for some reason?

Accepted Answer

It sounds like CloudFront's caching feature might be messing with your headers a bit. When CloudFront caches an object from your S3 bucket, it doesn't always grab the headers that your bucket provides. So, those CORS headers might be getting left out.When you go through the process of invalidation, you're basically giving CloudFront a nudge and saying "Hey, ditch your cached version and grab a fresh copy from the S3 bucket." And when it does, it pulls in all the up-to-date headers and serves them up.

You may want to try adjusting your CloudFront caching settings to either reduce the TTL value or use origin cache headers, so that the CORS headers from S3 are respected and included with responses more consistently.

Also using "*" as the AllowedOrigin can introduce security risks. You may want to consider narrowing this down to specific origins that need access.

update: CachingOptimized policy might have an impact on your headers and caching behavior. Test moving away from the "CachingOptimized" policy and use the "Use Origin Cache Headers" option.

If this helped please remember to mark the answer as accepted!

Does cloudfront remove response headers?

相關內容