0

I am trying to use S3-hosted fonts on a page that requires Basic Authentication. S3 responds with the 400 status code and no response body. This seems to happen if any type of Authorization header is sent along with the request to the page.

enter image description here

Demo available here: https://seidat-demos.herokuapp.com/demo-pdf-font/index.html (Include the Authorization header, e.g. Basic dXNlcjpwYXNz).

Bucket CORS settings:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>https://seidat-demos.herokuapp.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

I'm aware that making GET requests to S3 objects directly with Basic Auth headers will cause a 400 error, but that doesn't seem to be the case here.

artem
  • 31
  • 4

1 Answers1

0

Making request with Authorization header on S3 REST API endpoint will cause the bad request error because S3 uses it for sigv4. 1. Static website endpoint won't give this error but it doesn't work on https. 2. Have you try this: Does Amazon S3 support HTTP request with basic authentication

James Dean
  • 4,033
  • 1
  • 9
  • 18
  • My question is more about why I can't have those fonts on the page. The `Authorization` header is clearly not sent to S3 when the page requests those resources. – artem Mar 07 '19 at 10:19