Home > Software design >  Why does a static website hosted on AWS S3 require CORS to be enabled
Why does a static website hosted on AWS S3 require CORS to be enabled

Time:09-23

Reading this page https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html it states that :

Your users load the website endpoint: http://website.s3-website.us-east-1.amazonaws.com Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.us-east-1.amazonaws.com. A browser would normally block JavaScript from allowing those requests

Why would a browser require CORS to be enabled for requests back to the same server that hosts the static content ? i.e. website.s3.us-east-1.amazonaws.com.

CodePudding user response:

I can understand confusion, it could be rewritten better.

S3 REST API endpoints are of the format s3.us-east-1.amazonaws.com and website endpoints are website.s3.us-east-1.amazonaws.com When we host website and do GET/PUT requests, they call s3 api with param as bucket name (website) and path. Hence, CORS is needed.

  • Related