Search code examples
twittercdnamazon-cloudfrontpinterest

Image Fetch issues in Pinterest and Twitter from Amazon CloudFront


I have got a server which points to AWS ec2. - domain:-hometriangle.com

And the Images are getting served from AWS CloudFront with SSL which internally points to ec2.: domain:-static.hometriangle.com

Both Pinterest and Twitter are not able to fetch images. Whereas Facebook and Google are handling it well.

Twitter errors:I get following logs in Card Validator

> INFO: Page fetched successfully INFO: 22 metatags were found INFO:
> twitter:card = gallery tag found ERROR: Internal Proxy Image Service
> Error (twitter:image0) ERROR: Internal Proxy Image Service Error
> (twitter:image1) ERROR: Internal Proxy Image Service Error
> (twitter:image2) ERROR: Internal Proxy Image Service Error
> (twitter:image3) ERROR: Internal Proxy Image Service Error

Pinterest Errors: Oops Unable to fetch/ Something is wrong.

My robots.txt for cdn url looks like this

User-agent: Twitterbot
Disallow:

User-agent: Pinterest 
Disallow:

User-agent: *
Allow: /robots.txt
Allow: /imagecache/*
Disallow: /

Example of Meta Tags Used:

<meta property="og:image" content="https://static.hometriangle.com/imagecache/media/2916/htr-image-small-bathroom-390-2916.jpg?size=1200x630-3"/>
<meta property="twitter:image0" content="https://static.hometriangle.com/imagecache/media/2916/htr-image-small-bathroom-390-2916.jpg?size=1200x630-3"/>

If I replace cloudfront urls with direct urls, Images are getting fetched. What could be the issue?

One of the Errorneous Page: https://hometriangle.com/photos/2/bathroom One of the Errorneous Image: https://static.hometriangle.com/imagecache/media/2916/htr-image-small-bathroom-390-2916.jpg?size=1200x630-3


Solution

  • I've also encountered this issue with Pinterest. Some experimenting revealed that Pinterest has issues with SNI (Server Name Indication) -based SSL connections.

    To demonstrate this, I set up 2 new Cloudfront distributions. Both had SSL enabled, one used the default Cloudfront certificate and the other used my custom certificate and required SNI. I don't have the budget to try the $600/month SSL option so I can't comment on that.

    Both distributions were accessible via the browser using the Cloudfront URL over SSL.

    Pinterest was able to pin from the non-SNI distribution but unable to pin from the SNI-based distribution.

    I sent Pinterest a support request over a week ago but all I got was automated responses. Bom-bom.

    Here's the wiki on SNI. All major modern browsers support it but I guess whatever Pinterest is written in does not. http://en.wikipedia.org/wiki/Server_Name_Indication