Amazon S3 CORS works with HTTP but not HTTPS


I can get Amazon S3 to pass CORS headers over HTTP, but not HTTPS. How do I get it to work with both? What if we're using Akamai CDN?

Here's the bucket configuration:

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <CORSRule>
            <AllowedOrigin>https://*</AllowedOrigin>
            <AllowedOrigin>http://*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <MaxAgeSeconds>3000</MaxAgeSeconds>
            <AllowedHeader>*</AllowedHeader>
        </CORSRule>
    </CORSConfiguration>

Here's my test. The only difference between these is that one uses HTTP and the other uses HTTPS. Both resources load fine in the browser, but I want to use them in a CORS setting over HTTPS.

    pnore@mbp> curl -i -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H 'Pragma: no-cache' --verbose http://my.custom.domain/path/to/file/in/bucket | head -n 15
    * adding handle: conn: 0x7fee83803a00
    * adding handle: send: 0
    * adding handle: recv: 0
    * curl_addhandletopipeline: length: 1
    * - conn 0 (0x7fee83803a00) send_pipe: 1, recv_pipe: 0
      % total    % received % xferd  average speed   time    time     time  current
                                     dload  upload   total   spent    left  speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    * connect() my.custom.domain port 80 (#0)
    *   trying 23.23.23.23...
    * connected my.custom.domain (23.23.23.23) port 80 (#0)
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    > GET /path/to/file/in/bucket HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: my.custom.domain
    > Accept: */*
    > Origin: http://example.com
    > Access-Control-Request-Method: GET
    > Pragma: no-cache
    >
    < HTTP/1.1 200 OK
    < x-amz-id-2: random
    < x-amz-request-id: random
    < Access-Control-Allow-Origin: http://example.com
    < Access-Control-Allow-Methods: GET
    < Access-Control-Max-Age: 3000
    < Access-Control-Allow-Credentials: true
    < Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    < Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
    < ETag: "random"
    < Accept-Ranges: bytes
    < Content-Type: video/webm
    < Content-Length: 8981905
    * server amazons3 not blacklisted
    < Server: AmazonS3
    < Date: Fri, 19 Jun 2015 21:31:22 GMT
    < Connection: keep-alive
    <
    { [data not shown]
    HTTP/1.1 200 OK
    x-amz-id-2: random
    x-amz-request-id: random
    Access-Control-Allow-Origin: http://example.com
    Access-Control-Allow-Methods: GET
    Access-Control-Max-Age: 3000
    Access-Control-Allow-Credentials: true
    Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
    Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
    ETag: "random"
    Accept-Ranges: bytes
    Content-Type: video/webm
    Content-Length: 8981905
    Server: AmazonS3
    Date: Fri, 19 Jun 2015 21:31:22 GMT
    ...

    pnore@mbp> curl -i -H "Origin: http://example.com" -H "Access-Control-Request-Method: GET" -H 'Pragma: no-cache' --verbose https://my.custom.domain/path/to/file/in/bucket | head -n 15
    * adding handle: conn: 0x7fd24380c000
    * adding handle: send: 0
    * adding handle: recv: 0
    * curl_addhandletopipeline: length: 1
    * - conn 0 (0x7fd24380c000) send_pipe: 1, recv_pipe: 0
      % total    % received % xferd  average speed   time    time     time  current
                                     dload  upload   total   spent    left  speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    * connect() my.custom.domain port 443 (#0)
    *   trying 23.23.23.23...
    * connected my.custom.domain (23.23.23.23) port 443 (#0)
    * tls 1.2 connection using tls_rsa_with_aes_256_cbc_sha
    * server certificate: my.custom.domain
    * server certificate: geotrust ssl ca - g4
    * server certificate: geotrust global ca
    > GET /path/to/file/in/bucket HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: my.custom.domain
    > Accept: */*
    > Origin: http://example.com
    > Access-Control-Request-Method: GET
    > Pragma: no-cache
    >
    < HTTP/1.1 200 OK
    < x-amz-id-2:
    < x-amz-request-id:
    < Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
    < ETag: "random"
    < Accept-Ranges: bytes
    < Content-Type: video/webm
    < Content-Length: 8981905
    * server amazons3 not blacklisted
    < Server: AmazonS3
    < Date: Fri, 19 Jun 2015 21:31:29 GMT
    < Connection: keep-alive
    <
    { [data not shown]
    HTTP/1.1 200 OK
    x-amz-id-2:
    x-amz-request-id:
    Last-Modified: Tue, 10 Jun 2014 15:34:38 GMT
    ETag: "random"
    Accept-Ranges: bytes
    Content-Type: video/webm
    Content-Length: 8981905
    Server: AmazonS3
    Date: Fri, 19 Jun 2015 21:31:29 GMT
    Connection: keep-alive

    ...

Note that the first request contains the desired Access-Control-Allow-Origin header, and the second does not.

I've tried <AllowedOrigin>*</AllowedOrigin>, and using different <CORSRule> blocks for each <AllowedOrigin>.

References I've checked:

  1. Getting S3 CORS Access-Control-Allow-Origin dynamically echo requesting domain
  2. Amazon S3 CORS (Cross-Origin Resource Sharing), Firefox cross-domain font loading
  3. Getting S3 CORS Access-Control-Allow-Origin dynamically echo requesting domain
  4. AWS S3 bucket CORS configuration not saving properly
  5. http://blog.errorception.com/2014/11/enabling-cors-on-amazon-cloudfront-with.html
  6. Correct S3 + CloudFront CORS configuration?
  7. https://forums.aws.amazon.com/thread.jspa?messageid=377513
  8. How configure SSL Amazon S3 bucket
  9. HTTPS Amazon S3 static website
  10. SSL on Amazon S3 "static website"

I couldn't find any documentation that explicitly mentions it, but it appears that the CORS configuration for the bucket allows 1 <AllowedOrigin> per <CORSRule> element entry. You are allowed 100 <CORSRule> entries in your configuration. Therefore, in order for your configuration to support both HTTP and HTTPS, you should create two <CORSRule> entries, like so:

    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
      <CORSRule>
        <AllowedOrigin>https://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
      </CORSRule>
      <CORSRule>
        <AllowedOrigin>http://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
      </CORSRule>
    </CORSConfiguration>

FWIW, I have not tried it, but the configuration may support a protocol-agnostic format, e.g. <AllowedOrigin>//*</AllowedOrigin>.
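
As an added example (not part of the original question or answer, and not AWS code), the sketch below evaluates a CORSConfiguration for a given Origin and method and lists which of the expected CORS headers a captured response lacks. It is a simplified model that assumes first-match rule evaluation and a single `*` wildcard per origin; the function names and the header-name list built from the HTTPS test above are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# The question's bucket configuration (one rule, two AllowedOrigin entries).
QUESTION_CONFIG = """<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedOrigin>https://*</AllowedOrigin>
    <AllowedOrigin>http://*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
  </CORSRule>
</CORSConfiguration>"""

# Constructed: response header names seen in the question's HTTPS test.
HTTPS_OBSERVED = ("x-amz-id-2 x-amz-request-id last-modified etag accept-ranges "
                  "content-type content-length server date connection").split()


def origin_matches(pattern, origin):
    """Match an AllowedOrigin value; S3 permits at most one '*' wildcard."""
    if "*" not in pattern:
        return pattern == origin
    prefix, suffix = pattern.split("*", 1)
    return (len(origin) >= len(prefix) + len(suffix)
            and origin.startswith(prefix) and origin.endswith(suffix))


def expected_headers(config_xml, origin, method):
    """Headers the first matching CORSRule should produce, or {} if none match."""
    for rule in ET.fromstring(config_xml).findall("s3:CORSRule", NS):
        origins = [e.text.strip() for e in rule.findall("s3:AllowedOrigin", NS)]
        methods = [e.text.strip() for e in rule.findall("s3:AllowedMethod", NS)]
        hit = next((p for p in origins if origin_matches(p, origin)), None)
        if hit is None or method not in methods:
            continue
        headers = {"Access-Control-Allow-Origin": "*" if hit == "*" else origin,
                   "Access-Control-Allow-Methods": ", ".join(methods)}
        max_age = rule.findtext("s3:MaxAgeSeconds", namespaces=NS)
        if max_age:
            headers["Access-Control-Max-Age"] = max_age.strip()
        return headers
    return {}


def missing_cors_headers(expected, observed_names):
    """Expected CORS header names absent from a response (case-insensitive)."""
    seen = {name.lower() for name in observed_names}
    return sorted(h for h in expected if h.lower() not in seen)
```

Rule matching here depends only on the Origin and method the client sends, and both curl tests above sent `Origin: http://example.com`, so the same rule applies to either request.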

