Hi I’m getting strange errors from my websites when I try to make HEAD
request using fetch()
API.
My CORS configuration should be fine:
# Output from AWS CLI
{
"CORSRules": [
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD"
],
"AllowedOrigins": [
"https://*.gvs-staging.dev"
],
"MaxAgeSeconds": 0
}
]
}
When I run curl
I get a different response using the CDN url and direct access URL:
# Direct access
curl -I https://gvs-dev-storage.fra1.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD
HTTP/1.1 200 OK
Content-Length: 3173
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fb5aa19-0060097637-2e1cef0-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Vary: Origin
Access-Control-Allow-Methods: HEAD
Access-Control-Max-Age: 0
Content-Type: image/png
Date: Thu, 21 Jan 2021 12:40:23 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
# CDN
curl -I https://gvs-dev-storage.fra1.cdn.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD
HTTP/1.1 200 OK
Date: Thu, 21 Jan 2021 12:40:05 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3173
Content-Type: image/png
X-HW: 1611232805.dop021.ml1.t,1611232805.cds207.ml1.shn,1611232805.dop021.ml1.t,1611232805.cds007.ml1.p
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fbf2889-0060097625-2e63dbc-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 0
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT
Shouldn’t Access-Control-Allow-Methods
always be HEAD
?
Thank you for your time.
Click below to sign up and get $100 of credit to try our products over 60 days!