Hello,
I’ve an S3 bucket with a CORS configuration allowing all origins behind a CloudFront distribution configured with the Managed-CORS-S3Origin origin request policy and the Managed-CORS-and-SecurityHeadersPolicy response headers policy associated to its default behavior.
- When the cache is empty and I do an HTTP GET request using curl to retrieve and object without setting the origin header, I get a cache miss and I don’t get the access-control-allow-origin header, which is expected.
- After that, when I do the same request with the origin header set, I get a cache hit and I get the access-control-allow-origin header set to *, which is expected.
- Then, when I do the same request with the origin header set and with the cache-control header set to no-cache, I get a cache hit and I don’t get the access-control-allow-origin header, and I really don’t understand why.
Is it a bug in CloudFront or did I miss something?
Regards
Yann