CORS Error While Accessing AWS S3 Bucket with Public Access Blocked for Image Viewing and Printing

0

I'm trying to set up an AWS S3 bucket for secure image handling on my website. Users should be able to upload, view, and print images. The bucket's public access is blocked to prevent direct access to the object URLs.

Current Setup:

Bucket Policy:

{
    "Version": "2012-10-17",
    "Id": "PolicyForWebsiteAccess",
    "Statement": [
        {
            "Sid": "AllowWebsiteAccessForViewing",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://example.com/*",
                        "https://example.com"
                    ]
                }
            }
        },
        {
            "Sid": "AllowWebsiteAccessForUploads",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::mybucket/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://example.com/*",
                        "https://example.com"
                    ]
                }
            }
        }
    ]
}

CORS configuration :

[
    {
        "AllowedHeaders": ["*"],
        "AllowedMethods": ["GET", "HEAD", "POST", "PUT"],
        "AllowedOrigins": ["https://example.com"],
        "ExposeHeaders": ["ETag"],
        "MaxAgeSeconds": 3000
    }
]

Issue:

When users view images on the website, everything functions correctly. However, when trying to print these images, the browser console shows a CORS error:

Access to image at 'https://mybucket.s3.ap-south-1.amazonaws.com/test/user-001/testimage.jpg' from origin 'https://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Goal:

I want users to:

Upload images through the website.

View and print these images while ensuring the S3 bucket's public access is blocked

Sohail
asked 2 months ago123 views
1 Answer
1

Hello.

Does the error persist even if you change "AllowedOrigins" in the S3 bucket's CORS policy to "*"?
By the way, what kind of request is being sent for printing?
https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors-troubleshooting.html

profile picture
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions