Reading this page https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html it states that :
Your users load the website endpoint: http://website.s3-website.us-east-1.amazonaws.com Now you want to use JavaScript on the webpages that are stored in this bucket to be able to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket, website.s3.us-east-1.amazonaws.com. A browser would normally block JavaScript from allowing those requests
Why would a browser require CORS to be enabled for requests back to the same server that hosts the static content ? i.e. website.s3.us-east-1.amazonaws.com.
CodePudding user response:
I can understand confusion, it could be rewritten better.
S3 REST API endpoints are of the format s3.us-east-1.amazonaws.com
and website endpoints are website.s3.us-east-1.amazonaws.com
When we host website and do GET/PUT requests, they call s3 api with param as bucket name (website) and path. Hence, CORS is needed.