Search code examples
amazon-s3corsamazon-cloudfronthttp-live-streaming

AWS CloudFront - "CORS header ‘Access-Control-Allow-Origin’ missing" for single S3 Resource


I have a video service which will automatically convert uploaded MP4 files to HLS Streams using MediaConvert and store them in S3. From there, a CloudFront URL to the HLS Stream is used for displaying these videos. So far, every video making use of these stream urls displays properly, except one.

For this one stream/url, I'm getting the error "CORS header ‘Access-Control-Allow-Origin’ missing." From what I can tell there is no difference between this stream and any of the others. They all come from the same S3 bucket, all the CORS policies are setup on this bucket and in CloudFront.

I tried following instructions here for making sure that all of the CORS policies are setup correctly. Using that I was at least able to confirm that it is something to do with CloudFront. Using the command provided on the problem resource and a known good resource, I can see that CloudFront did not add the CORS headers to the response, but S3 does.

I then confirmed that CloudFront is configured to forward Access-Control-Request-Headers, Access-Control-Request-Method, and Origin to S3, and I confirmed that S3 has CORS configured to allow pretty much anything. S3 CORS config:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

At this point, I really don't know what else could be wrong. Everything else I've been able to find in my searching has been about CORS across an entire bucket, not just a single resource in that bucket.

Even stranger, this stream was working earlier, several days prior to posting, then this issue arose randomly.

Any help would be appreciated. Thank you.


Solution

  • So turns out there was one configuration mistake that I missed. The CloudFront behavior was set up to use the SimpleCORS, when I needed it to actually use CORS-With-Preflight. Making that one change then invalidating the cache fixed the issue for me.