Related

What about my website SEO if I use all my images on Spaces? Question Question
DIgital Ocean Spaces CDN Signature Does Not Match Question Question

Question

CORS headers are not the same if using CDN or direct access

Posted January 21, 2021 148 views
CDNDigitalOcean Spaces

Hi I’m getting strange errors from my websites when I try to make HEAD request using fetch() API.

My CORS configuration should be fine:

# Output from AWS CLI
{
    "CORSRules": [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "HEAD"
            ],
            "AllowedOrigins": [
                "https://*.gvs-staging.dev"
            ],
            "MaxAgeSeconds": 0
        }
    ]
}

When I run curl I get a different response using the CDN url and direct access URL:

# Direct access
curl -I https://gvs-dev-storage.fra1.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD

HTTP/1.1 200 OK
Content-Length: 3173
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fb5aa19-0060097637-2e1cef0-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Vary: Origin
Access-Control-Allow-Methods: HEAD
Access-Control-Max-Age: 0
Content-Type: image/png
Date: Thu, 21 Jan 2021 12:40:23 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method

# CDN
curl -I https://gvs-dev-storage.fra1.cdn.digitaloceanspaces.com/page-images/seo-general-settings/seo-image/seo-images/202012171140-5904fe1b45774336/og_image_fallback.png -H "Origin:https://www.gvs-staging.dev" -X HEAD

HTTP/1.1 200 OK
Date: Thu, 21 Jan 2021 12:40:05 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3173
Content-Type: image/png
X-HW: 1611232805.dop021.ml1.t,1611232805.cds207.ml1.shn,1611232805.dop021.ml1.t,1611232805.cds007.ml1.p
x-rgw-object-type: Normal
ETag: "9597b3630f58987f424f9bfa895bd585"
Cache-Control: max-age=604800
x-amz-request-id: tx00000000000001fbf2889-0060097625-2e63dbc-fra1b
Access-Control-Allow-Origin: https://www.gvs-staging.dev
Access-Control-Allow-Methods: GET
Access-Control-Max-Age: 0
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
Last-Modified: Tue, 19 Jan 2021 00:43:11 GMT

Shouldn’t Access-Control-Allow-Methods always be HEAD?

Thank you for your time.

Add a comment
mepagency
By:
mepagency

Related

What about my website SEO if I use all my images on Spaces? Question Question
DIgital Ocean Spaces CDN Signature Does Not Match Question Question
Submit an answer

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related

Looking for something else?

Ask a new question Search for more help