In AWS CloudFront I set this within: "Allowed HTTP Methods" in the "Default Cache Behavior Settings" area:
GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
My CloudFront is linked to an AWS S3 bucket. So I set the AWS S3 CORS configuration to:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
My current AWS S3 bucket policy is:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::<bucket_name_here>/*"
}
]
}
Unfortunately when run through curl
I get:
$ curl -I -s -X POST -H "Origin: www.example.com" [hash_here].cloudfront.net
HTTP/1.1 405 Method Not Allowed
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD
Access-Control-Max-Age: 3000
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
Allow: GET, DELETE, HEAD, PUT
Date: Sun, 01 Mar 2015 14:12:26 GMT
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 5896eef8502a96757950c7d389f2015c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: uBK_gStEvSTWypvU8_YYjtfjC2UzdR3Ff_cDLitMaeUBNZ9AgrSkJg==
/api/*
to ELB, and all other paths to CloudFront? - Or should I use CloudFront's "Custom Origins" (ref) to forward onto my/api/*
? – OsmenAllow: GET, DELETE, HEAD, PUT
that gives that away in curl testing. – Uncharted