3

I'm trying to figure out why cloudfront distribution does not cache / send through access-control-allow-origin.

When I curl my website:

HTTP/1.1 200 OK Date: Sat, 03 Mar 2018 07:42:01 GMT Content-Type: application/font-woff2 Content-Length: 77160 Connection: keep-alive Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT ETag: "5a98be8c-12d68" Access-Control-Allow-Origin: * CF-Cache-Status: HIT Expires: Sat, 03 Mar 2018 11:42:01 GMT Cache-Control: public, max-age=14400 Accept-Ranges: bytes Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 3f5a76ca7ddd3b50-YVR

but when I curl cloudfront file:

HTTP/1.1 200 OK Content-Type: application/octet-stream Content-Length: 66624 Connection: keep-alive Date: Sat, 03 Mar 2018 03:13:25 GMT Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT ETag: "56ca340a-10440" CF-Cache-Status: HIT Expires: Sat, 03 Mar 2018 07:13:25 GMT Cache-Control: public, max-age=14400 Accept-Ranges: bytes Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 3f58ed5738b09668-SJC X-Cache: RefreshHit from cloudfront Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront) X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

In "Edit Behavior" for "Cache Based on Selected Request Headers" I've added whitelist for Origin and Access-Control-Allow-Origin

I've also invalidated Object several times, as well I was waiting for the progress to finish on the distribution.

I'm not using S3.

I've also checked Setting Access-Control-Allow-Origin on Cloudfront

but it didn't help me.

Any advice is appreciated.

Distribution Settings

Improve this question
6
  • It looks like you have CloudFront pointing to Cloudflare, and you aren't getting the expected header back from Cloudflare, so you need to troubleshoot there. If the header is in the response, CloudFront will return it. Commented Mar 2, 2018 at 23:31
  • I've updated my post, somehow copy pasted wrong output at first, sorry about it. You can see there that I'm actually getting Access-Control-Allow-Origin but not via cloudfront Commented Mar 3, 2018 at 22:34
  • You say you have invalidated the object "multiple times" but you definitely had not successfully invalidated it when you captured this response -- otherwise RefreshHit from cloudfront would not happen. You need to invalidate exactly what the browser is requesting, or just invalidate /*. Commented Mar 3, 2018 at 23:22
  • I keep getting hits because I have a lot of traffic on my website. I've done exactly * for clear it all. Is it possible that I have to set distribution or some other settings different in cloudfront? Commented Mar 4, 2018 at 4:34
  • Are you sending an Origin header when you test? curl -v -H 'Origin: http://example.com' http://example.org/my/path? Commented Mar 4, 2018 at 4:39

1 Answer 1

Reset to default
1

Try purging your Cloudfront cache before retesting - the entire response is cached, including headers. I'm guessing what happened is:

  1. ACAO for CF was turned off
  2. curl made to CF - pulled response without ACAO into cache
  3. setting was changed to enable ACAO
  4. request was made - HIT in CF so the setting change was not reflected.

As a result, if you purge the cache and retry, you will get a new cache object generated with the proper headers.

Improve this answer
3
  • Hey Brennen, what is ACAO and how it can be turned off? Commented Mar 3, 2018 at 3:11
  • Sorry - ACAO = Access-Control-Allow-Origin. However I just re-read your post, and realized that I missed the bit about you purged the cache multiple times :( Commented Mar 3, 2018 at 3:15
  • I'm wondering if cloudfront needs me to setup different origin because I'm using cloudflare? I've also updated post to show that my domain returns ACAO Commented Mar 3, 2018 at 7:45

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.