CORS issue for OPTIONS method in Cloudfront Distribution + S3 Origin

Question

Hi,

We are facing an CORS issue for OPTIONS method in CloudFront Distribution with origin to S3 bucket.

I have configured below settings in the Distribution.

-Allowed OPTIONS method.
-Used 'CORS-S3Origin' policy  in Origin request policy.
-Used 'CORS-With-Preflight' policy in Response headers policy.

We have also added a below CORS configuration in S3 bucket as well.

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

But still we are not getting OPTIONS method in a "access-control-allow-methods:" response header we are getting GET and HEAD methods in response.

We also tried with multiple Cloudfront functions as well but did not succeeded and received 403, 502, or function validations errors.

Can you please help us? here only we need to achieve that CORS should allow for wildcard origin for OPTIONS method along with GET and HEAD.

Thanks,
Girish

Answer

For S3, [AllowedMethod element](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html#cors-allowed-methods) are:

```
GET
PUT
POST
DELETE
HEAD
```

[S3 allows OPTIONS request by default]https://docs.aws.amazon.com/AmazonS3/latest/API/RESTOPTIONSobject.html) and CloudFront allows OPTIONS request if you enabled it in behavior setting.

So, your application does not need to evaluate a CORS response like ["Access-Control-Allow-Methods: POST, GET, OPTIONS"](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) defined in MDN CORS document to check if S3 or CloudFront supports OPTIONS method.

CORS issue for OPTIONS method in Cloudfront Distribution + S3 Origin

Relevant content