I'm really struggling to get CloudFront and S3 to add Access-Control-Allow-Origin: * to the headers of video files stored on S3 (for inline video on iPhones; it seems to be working everywhere else, but inline video only works on iPhones from the same domain, so I assume it's CORS related).
Only the first file in the bucket has the right headers:

```
curl -I -H "Origin: https://example.com" http://cdn.example.com/0000d723-5c73-4d71-953c-d7e29e70f17b.jpg
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 80962
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:38:50 GMT
Access-Control-Allow-Origin: https://beek.co
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 3000
Access-Control-Allow-Credentials: true
x-amz-meta-md5-hash: 18692618d1f6865694f08fb2dcd12201
Last-Modified: Wed, 15 Feb 2012 03:08:14 GMT
ETag: "18692618d1f6865694f08fb2dcd12201"
Accept-Ranges: bytes
Server: AmazonS3
Vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Age: 63
X-Cache: Hit from cloudfront
Via: 1.1 284d225e590e6583c457dc0182ee6fe7.cloudfront.net (CloudFront)
X-Amz-Cf-Id: n9NmaT8pwHg5BZmZqoPAxUlGBiLR7BqD5rxodzjfpKi2mFthhGzGyw==
```

But all the others don't:
```
curl -I -H "Origin: https://beek.co" http://cdn.example.co/93bd51ac-5a8c-4c08-ac67-42ee5e596477.mp4
HTTP/1.1 200 OK
Content-Type: video/mp4
Content-Length: 44751245
Connection: keep-alive
Date: Thu, 02 Jun 2016 00:40:47 GMT
x-amz-meta-md5-hash: 6d64731504361705258f2b0f9023bd98
Last-Modified: Wed, 16 Mar 2016 20:29:25 GMT
ETag: "6d64731504361705258f2b0f9023bd98"
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 4f2b51b0906eb4177f90fe010732e8a3.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QhBT8ejONAUu5oxzvVXtzC0viSLxGRdBk0Rbq6yRdbxs9TTD7abawA==
```

Bucket is 'example-assets'.
Bucket Policy is:

```json
{
  "Version": "2008-10-17",
  "Id": "http referer policy example",
  "Statement": [
    {
      "Sid": "readonly policy",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-assets/*"
    }
  ]
}
```

CORS configuration is:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
  </CORSRule>
</CORSConfiguration>
```

CloudFront distribution has 'origin' added to whitelist with settings as such. I've tried adding the other 2 as well and it doesn't seem to make any difference.
What am I missing!?
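An added example, not part of the original post and not AWS code: a simplified Python model of S3's documented CORS rule matching (the request's Origin must match an AllowedOrigin and the request method must be listed in AllowedMethod), run against the configuration posted above. The function names are hypothetical, and the returned header set is an assumption modelled on the first response in the question.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# CORS configuration copied from the question above.
CORS_XML = """<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
  </CORSRule>
</CORSConfiguration>"""

def origin_matches(pattern, origin):
    """AllowedOrigin holds at most one '*' wildcard; otherwise exact match."""
    if "*" not in pattern:
        return pattern == origin
    prefix, suffix = pattern.split("*", 1)
    return (len(origin) >= len(prefix) + len(suffix)
            and origin.startswith(prefix) and origin.endswith(suffix))

def cors_headers(cors_xml, method, origin=None):
    """Headers the first matching rule yields for a non-preflight request,
    or {} when no rule matches (simplified model, hypothetical helper)."""
    if origin is None:  # no Origin header: not treated as a CORS request
        return {}
    for rule in ET.fromstring(cors_xml).findall("s3:CORSRule", NS):
        origins = [e.text for e in rule.findall("s3:AllowedOrigin", NS)]
        methods = [e.text for e in rule.findall("s3:AllowedMethod", NS)]
        if method not in methods:
            continue
        if not any(origin_matches(p, origin) for p in origins):
            continue
        allow_all = "*" in origins
        headers = {"Access-Control-Allow-Origin": "*" if allow_all else origin,
                   "Access-Control-Allow-Methods": ", ".join(methods)}
        max_age = rule.findtext("s3:MaxAgeSeconds", namespaces=NS)
        if max_age:
            headers["Access-Control-Max-Age"] = max_age
        if not allow_all:  # origin echoed back, as in the first response
            headers["Access-Control-Allow-Credentials"] = "true"
        return headers
    return {}

if __name__ == "__main__":
    # http://* and https://* together match every web origin.
    for m, o in [("GET", "https://beek.co"), ("HEAD", "https://beek.co"), ("GET", None)]:
        print(m, o, "->", cors_headers(CORS_XML, m, o))
```

`curl -I` sends a HEAD request rather than GET, so the HEAD case is worth comparing against a GET request carrying the same Origin header.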
