CORS issue for OPTIONS method in Cloudfront Distribution + S3 Origin



We are facing an CORS issue for OPTIONS method in CloudFront Distribution with origin to S3 bucket.

I have configured below settings in the Distribution.

-Allowed OPTIONS method. -Used 'CORS-S3Origin' policy in Origin request policy. -Used 'CORS-With-Preflight' policy in Response headers policy.

We have also added a below CORS configuration in S3 bucket as well.

[ { "AllowedHeaders": [ "" ], "AllowedMethods": [ "GET", "HEAD" ], "AllowedOrigins": [ "" ], "ExposeHeaders": [] } ]

But still we are not getting OPTIONS method in a "access-control-allow-methods:" response header we are getting GET and HEAD methods in response.

We also tried with multiple Cloudfront functions as well but did not succeeded and received 403, 502, or function validations errors.

Can you please help us? here only we need to achieve that CORS should allow for wildcard origin for OPTIONS method along with GET and HEAD.

Thanks, Girish

asked 8 months ago434 views
1 Answer

For S3, AllowedMethod element are:


[S3 allows OPTIONS request by default] and CloudFront allows OPTIONS request if you enabled it in behavior setting.

So, your application does not need to evaluate a CORS response like "Access-Control-Allow-Methods: POST, GET, OPTIONS" defined in MDN CORS document to check if S3 or CloudFront supports OPTIONS method.

answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions