CloudFront CORS headers getting cached, resulting in cross origin problems
My website is loading images from an S3 Bucket which has the following configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
This S3 bucket is connected to CloudFront distribution which has the following cache/origin policies:
My website uses multiple domains, e.g. example1.com, example2.com, and it loads all the images perfectly. The problem begins when some libraries or SDKs try to access those images, I sometime, randomly, get cross origin error.
I think the problem is, that CloudFront caches the origin. So if a user tries to get image.jpg from example1.com, and then some other user tries to get image.jpg from example2.com, CloudFront cached origin example1.com to the request, and it will result in cross origin. To overcome this I'm using ?v=randomInt query param. This is bad practice though as I'm always getting a fresh copy of image.jpg and actually not using the cache.
Is there a way to NOT cache the origin headers, so both example1.com and example2.com can get image.jpg with their own origin? I tried removing the headers from the cache policy, but without any luck.
The error is as follows (after watermark.js tries to fetch the image with crossorigin="anonymous":
Access to image at 'https://cdn.treedis.com/tours/3453/tags/icons/8d2d0686-b3b9-4693-8167-0b652793c224.png' from origin example2.com has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Once I add ?v=1234 to the URL of the image, it works fine. So it must be the cache.
Since you've already included Origin in your cache key, I don't think you will encounter this problem any more. Just create an invalidation of path /*, and the problem will hopefully be resolved.
- Amazon S3 error- A conflicting conditional operation is currently in progress against this resource.
- Why are my S3 images are not valid for Facebook Javascript SDK?
- Amazon S3 - How to fix 'The request signature we calculated does not match the signature' error?
- Amazon S3 : access without Secret Key
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- Generate S3 URL in "path-style" format
- How to authenticate large numbers of amazon S3 get requests
- AWS SDK file upload to S3 via Node/Express using stream PassThrough - file is always corrupt
- How to specify a prefix when uploading to S3 using activestorage's direct upload?
- How to perform AWS S3 Multipart Copy with golang
- Amazon Web Services : Setting S3 policy to allow putObject and getObject but deny listBucket
- Can I switch to Amazon S3 later in Rails 7 after using local storage?
- How to upgrade AWS CLI to the latest version?
- getting "The bucket does not allow ACLs" Error
- Dynamically build a zip archive on AWS S3 using the Java SDK?
- OPA eval command
- What is the difference between AWS Glue ETL Job and AWS EMR?
- PostgreSQL `aws_s3` Extension: SSL Certificate Verification Failed with Self-Signed Certificate
- How can I use boto to stream a file out of Amazon S3 to Rackspace Cloudfiles?
- Downloading App update OTA from Amazon Aws s3 iOS
- Issue uploading files to S3 from Django in Docker
- pyspark overwrite silently failed to remove stale parquet files
- How to apply BucketPolicy (LifecycleConfiguration) to an existing bucket using CloudFormation template?
- Amazon S3 console: download multiple files at once
- Image from S3 bucket does not display on server
- Missing required field Principal - Amazon S3 - Bucket Policy
- Laravel + AWS S3: cURL error 60
- How to read remote video on Amazon S3 using ffmpeg
- Terragrunt string interpolation on generate block
- What to do when getting 'software.amazon.awssdk.services.s3 does not exist' error in Maven project?