I use Amazon's S3 and CloudFront for assets delivery. I have specified CORS configuration at S3 bucket:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
So when I open app using http it's ok. But when I open it using https it says
Origin https://<app-domain> is not allowed by Access-Control-Allow-Origin.
Am I missing something?
I found that this is CloudFront bug. It caches first origin that accesses S3 and doesn't allow another origins in future. As a workaround this can be used.