2

I have hosted a RoR app on Amazon EC2 instance. Instance has public IP but no elastic IP is assigned. Application is pointed to a domain using Dreamhost.

We use Amazon S3 to store audio files uploaded through web application and load these files back to site and play in player.

This is where I am facing weird issue, sometimes files play fine but sometimes it gives error saying

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin http://XX.XXX.XX.XXX is therefore not allowed access.

But at the same time if I copy paste S3 url in browser outside my application it loads.

Why error gives IP address instead of saying mydoamin.com is therefore not allowed access?

I am guessing the issue is because of some domain/IP configurations.

Uri Agassi
  • 36,848
  • 14
  • 76
  • 93
pramodtech
  • 6,300
  • 18
  • 72
  • 111

1 Answers1

2

An elastic IP on amazon is an IP which is reserved to you. Without it, every time you stop and start your instance, a different IP will be set to it.

You don't have to use elastic IP, you could, for example point your domain to an ELB (elastic load balancer) CNAME, which will remain constant as it load balances between one or more instances of your application.

I'm not sure this has anything to do with the error given, which is explained in this answer:

Site B uses Access-Control-Allow-Origin to tell the browser that the content of this page is accessible to certain domains. By default, site B's pages are not accessible to any other domain; using the ACAO header opens a door for cross-domain access by specific domains.

Site B should serve its pages with

Access-Control-Allow-Origin: http://sitea.com

It seems that the problematic link is an absolute path with the explicit IP, I have no idea why this should happen, look at the source of the page from which the link fails, and try to figure it out.

Community
  • 1
  • 1
Uri Agassi
  • 36,848
  • 14
  • 76
  • 93
  • Thanks Uri. If IP gets changed on reboot then I guess it's not a good option, I may have to reboot my instance for some reason. ELB might not be required since application is of small size and doesn't have heavy traffic. Not sure but I guess ELB has additional cost. Regarding CORS I saw http request headers and found that when request is originating from IP I get error but when request is originating from domain name it works. So what is this behavior of some requests originating from IP? any idea? – pramodtech Mar 03 '14 at 12:47
  • Check the source code of the problematic pages - do you see the IP there? Who writes this problematic link? The Rails application? – Uri Agassi Mar 03 '14 at 12:49
  • The page is same which sometimes works and sometimes doesn't. Link to Amazon S3 is always correct if I browse S3 link separately in browser it works. The issue is with request origin which I think has to do something with EC2 or Dreamhost or some DNS configurations. – pramodtech Mar 03 '14 at 13:01
  • You say that requests originating from IP are problematic? Then this must be your problem - links are _relative_ to the request source. When you request the domain for the pages, the CORS works OK, but when you use the IP - the CORS header blocks you requests. – Uri Agassi Mar 03 '14 at 13:08
  • Try this: http://stackoverflow.com/questions/7094394/rails-redirect-to-specific-domain-but-dont-override-ssl – Uri Agassi Mar 03 '14 at 13:21