Has there been any CORS changes implemented recently? #5782
Description
Hi,
I am sorry for this question, as it might not be a proper bug report and it might simply show an error on my side, but I've been using Cloudserver for storing files in a testing environment for about two years now, perhaps longer. And while I made little to no changes in my code in this respect, direct file uploads (using presigned url) recently stopped working for me for CORS reasons.
So whenever I do a request like this:
PUT: http://localhost:9000/image.jpg?X-Amz-Algorithm=...
I end up with an error 403, CORS Missing Allow Origin.
This likely used to be enough previously (from @aws-sdk/client-s3):
new PutBucketCorsCommand({
Bucket: bucket,
CORSConfiguration: {
CORSRules: [{
AllowedOrigins: [
"*"
],
AllowedMethods: [
"PUT"
],
AllowedHeaders: [
"*"
],
MaxAgeSeconds: 60000
}]
}
});
Now, the only solution I have is to overwrite this on the Nginx level, adding in these things to the respective location rules:
proxy_hide_header Access-Control-Allow-Origin;
if ($request_method = OPTIONS ) {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'PUT';
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept';
return 200;
}
add_header 'Access-Control-Allow-Origin' '*';
My questions are the following:
- Why could
PutBucketCorsCommandbe ignored? Or was it always? - What is the proper way to do this? Is the Nginx overwrite ok?
It might be worth noting that I am using this Docker image for the Cloudserver: https://hub.docker.com/r/zenko/cloudserver/
Thank you very much.