Hello
I have configured my CloudFront to use a custom response header CORS policy:
Cross-origin resource sharing (CORS)Info
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET
OPTIONS
Access-Control-Allow-Origin
https://www.xxx.com
Access-Control-Expose-Headers
Access-Control-Max-Age (seconds)
600
Origin override
request header:
GET /index.m3u8 HTTP/2
Host: cdn.xxx.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: /
Accept-Language: zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Origin: https://www.xxx.com
Connection: keep-alive
Cookie: CloudFront-Policy=xxx; CloudFront-Signature=xxx; CloudFront-Key-Pair-Id=xxx;
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
response header:
HTTP/2 200 OK
content-type: application/x-mpegURL
date: Mon, 07 Feb 2022 17:24:34 GMT
last-modified:
etag:
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-xss-protection: 1
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
access-control-allow-origin: https://www.xxx.com
vary: Origin
x-cache: Hit from cloudfront
via: cloudfront.net (CloudFront)
x-amz-cf-pop: HKG62-C2
x-amz-cf-id: 6K23FSOHSfGJli3mnSFRfs4nvYXgKw68Ul_s8b5PUsKLg1HrzLqL8w==
age: 3929
X-Firefox-Spdy: h2
I try to use HLS request. The response include access-control-allow-origin:https://www.xxx.com. But not include Access-Control-Allow-Credentials.