Ad

How To Validate If CORS Is Properly Set On My S3 Bucket?

I have this resource on available via cloudfront cdn https://d2t70e97bm7kcz.cloudfront.net/app_pfsandbox01/staticapi/MenuTree.json

The S3 bucket is public and the file path is https://s3.amazonaws.com/appsres/app_pfsandbox01/staticapi/MenuTree.json

The S3 bucket has the following CORS settings

 <?xml version="1.0" encoding="UTF-8"?>
 <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
 <CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
 </CORSRule>
 </CORSConfiguration>

I want the resources in this bucket to be used in several different apps (PWAs) with different domains without having to set up a specific CDN for each app/domain. I need to know how to validate if this resource will be fetched from any app under any domain?

Thanks

Ad

Answer

Used https://apitester.com/

Crafted a custom OPTIONS request using Access-Control-Request-Method: GET Origin: https://dummydomain.com

enter image description here

Got a succesfull response:

enter image description here

Ad
source: stackoverflow.com
Ad