By mepagency
Hi I’m getting strange errors from my websites when I try to make HEAD request using fetch() API.
My CORS configuration should be fine:
# Output from AWS CLI
{
"CORSRules": [
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD"
],
"AllowedOrigins": [
"https://*.gvs-staging.dev"
],
"MaxAgeSeconds": 0
}
]
}
When I run curl I get a different response using the CDN url and direct access URL:
# Direct access
curl -I https://gvs-dev-storage.fra1.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD
HTTP/1.1 200 OK
Content-Length: 3173
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fb5aa19-0060097637-2e1cef0-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Vary: Origin
Access-Control-Allow-Methods: HEAD
Access-Control-Max-Age: 0
Content-Type: image/png
Date: Thu, 21 Jan 2021 12:40:23 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
# CDN
curl -I https://gvs-dev-storage.fra1.cdn.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD
HTTP/1.1 200 OK
Date: Thu, 21 Jan 2021 12:40:05 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3173
Content-Type: image/png
X-HW: 1611232805.dop021.ml1.t,1611232805.cds207.ml1.shn,1611232805.dop021.ml1.t,1611232805.cds007.ml1.p
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fbf2889-0060097625-2e63dbc-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 0
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT
Shouldn’t Access-Control-Allow-Methods always be HEAD?
Thank you for your time.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya,
When making HEAD requests to an S3 bucket through a CDN, you may see a different Access-Control-Allow-Methods header than when making direct requests to the bucket. This is because CDNs often cache content and serve it from their own servers, which means that they may have different CORS settings than the origin server.
GET requests retrieve the contents of a resource, while HEAD requests retrieve only the headers of a resource. The Access-Control-Allow-Methods header specifies which HTTP methods are allowed when accessing a resource.**
If you need the CDN to support HEAD requests, you should check the CDN’s documentation or settings to see if there’s a way to configure it to allow HEAD requests in the CORS settings or by contacting your CDN provider’s support.**
I hope this is helpful!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.