Amazon S3 CORS works with HTTP but not HTTPS -


i can amazon s3 pass cors headers http, not https. how work both? if we're using akamai cdn?

here's bucket configuration: 

<?xml version="1.0" encoding="utf-8"?> <corsconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">    <corsrule>         <allowedorigin>https://*</allowedorigin>         <allowedorigin>http://*</allowedorigin>         <allowedmethod>get</allowedmethod>         <maxageseconds>3000</maxageseconds>         <allowedheader>*</allowedheader>     </corsrule>  </corsconfiguration>

here's test. difference between these 1 uses http, other uses https. both resources load fine in browser, use them in cors setting https. 

pnore@mbp> curl -i -h "origin: http://example.com"   -h "access-control-request-method: get" -h 'pragma: no-cache' --verbose http://my.custom.domain/path/to/file/in/bucket | head -n 15 * adding handle: conn: 0x7fee83803a00 * adding handle: send: 0 * adding handle: recv: 0 * curl_addhandletopipeline: length: 1 * - conn 0 (0x7fee83803a00) send_pipe: 1, recv_pipe: 0   % total    % received % xferd  average speed   time    time     time  current                                  dload  upload   total   spent    left  speed   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connect() my.custom.domain port 80 (#0) *   trying 23.23.23.23... * connected my.custom.domain (23.23.23.23) port 80 (#0)   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0> /path/to/file/in/bucket http/1.1 > user-agent: curl/7.30.0 > host: my.custom.domain > accept: */* > origin: http://example.com > access-control-request-method: > pragma: no-cache > < http/1.1 200 ok < x-amz-id-2: random < x-amz-request-id: random < access-control-allow-origin: http://example.com < access-control-allow-methods: < access-control-max-age: 3000 < access-control-allow-credentials: true < vary: origin, access-control-request-headers, access-control-request-method < last-modified: tue, 10 jun 2014 15:34:38 gmt < etag: "random" < accept-ranges: bytes < content-type: video/webm < content-length: 8981905 * server amazons3 not blacklisted < server: amazons3 < date: fri, 19 jun 2015 21:31:22 gmt < connection: keep-alive < { [data not shown] http/1.1 200 ok x-amz-id-2: random x-amz-request-id: random access-control-allow-origin: http://example.com access-control-allow-methods: access-control-max-age: 3000 access-control-allow-credentials: true vary: origin, access-control-request-headers, access-control-request-method last-modified: tue, 10 jun 2014 15:34:38 gmt etag: "random" accept-ranges: bytes content-type: video/webm content-length: 8981905 server: amazons3 date: fri, 19 jun 2015 21:31:22 gmt ...  pnore@mbp> curl -i -h "origin: http://example.com"   -h "access-control-request-method: get" -h 'pragma: no-cache' --verbose https://my.custom.comain/path/to/file/in/bucket | head -n 15 * adding handle: conn: 0x7fd24380c000 * adding handle: send: 0 * adding handle: recv: 0 * curl_addhandletopipeline: length: 1 * - conn 0 (0x7fd24380c000) send_pipe: 1, recv_pipe: 0   % total    % received % xferd  average speed   time    time     time  current                                  dload  upload   total   spent    left  speed   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* connect() my.custom.domain port 443 (#0) *   trying 23.23.23.23... * connected my.custom.domain (23.23.23.23) port 443 (#0) * tls 1.2 connection using tls_rsa_with_aes_256_cbc_sha * server certificate: my.custom.domain * server certificate: geotrust ssl ca - g4 * server certificate: geotrust global ca > /path/to/file/in/bucket http/1.1 > user-agent: curl/7.30.0 > host: my.custom.domain > accept: */* > origin: http://example.com > access-control-request-method: > pragma: no-cache > < http/1.1 200 ok < x-amz-id-2:  < x-amz-request-id:  < last-modified: tue, 10 jun 2014 15:34:38 gmt < etag: "random" < accept-ranges: bytes < content-type: video/webm < content-length: 8981905 * server amazons3 not blacklisted < server: amazons3 < date: fri, 19 jun 2015 21:31:29 gmt < connection: keep-alive < { [data not shown] http/1.1 200 ok x-amz-id-2:  x-amz-request-id:  last-modified: tue, 10 jun 2014 15:34:38 gmt etag: "random" accept-ranges: bytes content-type: video/webm content-length: 8981905 server: amazons3 date: fri, 19 jun 2015 21:31:29 gmt connection: keep-alive  ...

note first request contains desired access-control-allow-origin header, , second not.

i've tried <allowedorigin>*</allowedorigin> , using different <corsrule> blocks each <allowedorigin>.

references i've checked:

  1. getting s3 cors access-control-allow-origin dynamically echo requesting domain 1
  2. amazon s3 cors (cross-origin resource sharing) , firefox cross-domain font loading 1
  3. getting s3 cors access-control-allow-origin dynamically echo requesting domain
  4. aws s3 bucket cors configuration not saving properly
  5. http://blog.errorception.com/2014/11/enabling-cors-on-amazon-cloudfront-with.html
  6. correct s3 + cloudfront cors configuration?
  7. https://forums.aws.amazon.com/thread.jspa?messageid=377513
  8. how configure ssl amazon s3 bucket
  9. https amazon s3 static website
  10. ssl on amazon s3 "static website"

i couldn't find documentation explicitly mentioned it, appears cors configuration bucket allows 1 <allowedorigin> per <corsrule> element entry. allowed 100 <corsrule> entries in configuration. therefore, in order configuration support both http , https should create two <corsrule> entries, so:

<corsconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">   <corsrule>     <allowedorigin>https://*</allowedorigin>     <allowedmethod>get</allowedmethod>     <maxageseconds>3000</maxageseconds>     <allowedheader>*</allowedheader>   </corsrule>    <corsrule>     <allowedorigin>http://*</allowedorigin>     <allowedmethod>get</allowedmethod>     <maxageseconds>3000</maxageseconds>     <allowedheader>*</allowedheader>   </corsrule>  </corsconfiguration>

fwiw, have not tried it, configuration may support protocol agnostic format, e.g. <allowedorigin>//*</allowedorigin>.


Comments

Post a Comment

Popular posts from this blog

symfony - TEST environment only: The database schema is not in sync with the current mapping file -

there similar questions regarding issue haven't seen in particular test environment , sqlite. cannot validate schema test environment uses sqlite can validate schemas dev environment uses mysql. know reason , possible solution? whole application works fine in both dev , test environments though. phing , ci build broken. php app/console doctrine:schema:update --force --env=test updating database schema... database schema updated successfully! "9" queries executed php app/console doctrine:schema:validate --env=test [mapping] ok - mapping files correct. [database] fail - database schema not in sync current mapping file. update i'm adding sqldump result see if spots wrong it. thing can is, have 2 bundles. country below coming frontendbundle user entity missing defined in backendbundle . php app/console doctrine:schema:update --dump-sql --env=test drop index uniq_5373c9665e237e06; drop index uniq_5373c966d1f4eb9a; create temporary table __temp__country se...
Read more

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent() ...
Read more

jdbc - Not able to establish database connection in eclipse -

i want make new database connection (db2) in eclipse purpose of using jpa. in jpa perspective, in data source explorer view, when try create new db connection, receive following logs when try ping server. org.eclipse.datatools.connectivity.exceptions.dbnotstartexception: no start database command issued. errorcode = -4499, sqlstate = 08001. @ org.eclipse.datatools.enablement.ibm.db2.internal.luw.jdbcluwjdbcconnection.getconnectexception(jdbcluwjdbcconnection.java:74) @ org.eclipse.datatools.connectivity.ui.pingjob.gettestconnectionexception(pingjob.java:81) @ org.eclipse.datatools.connectivity.ui.pingjob.run(pingjob.java:63) @ org.eclipse.core.internal.jobs.worker.run(worker.java:54) caused by: com.ibm.db2.jcc.am.ro: [jcc][t4][2043][11550][4.8.87] exception java.net.connectexception: error opening socket server example.example.com/51.37.93.117 on port 50,000 message: connection timed out: connect. errorcode=-4499, sqlstate=08001 @ com.ibm.db2.jcc.am.gd.a(gd.j...
Read more