4

I need to setup an S3 bucket to serve my Django static files, and when I try to add a CORS policy, I got the following result:

Expected params.CORSConfiguration.CORSRules to be an Array

I firstly tried this policy:

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>http://www.example.com</AllowedOrigin>
   <AllowedMethod>PUT</AllowedMethod>
   <AllowedMethod>POST</AllowedMethod>
   <AllowedMethod>DELETE</AllowedMethod>
   <AllowedHeader>*</AllowedHeader>
 </CORSRule>
 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedMethod>GET</AllowedMethod>
 </CORSRule>
</CORSConfiguration>

And after some search I saw that Amazon has changed the format to JSON (https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html#how-do-i-enable-cors).

So I tried with their JSON example:

{
  "CORSConfiguration":{
    "CORSRule":[
      {
        "AllowedOrigin":[
          "http://www.example.fr"
        ],
        "AllowedMethod":[
          "PUT",
          "POST",
          "DELETE"
        ],
        "AllowedHeader":[
          "*"
        ]
      },
      {
        "AllowedOrigin":[
          "*"
        ],
        "AllowedMethod":[
          "GET"
        ]
      }
    ]
  }
}

And I got the exact same error.

So I searched on stackoverflow and saw this thread: Unable to update AWS S3 CORS POLICY

I tried the given syntax, without any success :/

If someone have an idea it will be great :)

Slot
  • 1,006
  • 2
  • 13
  • 27

1 Answers1

8

Here's an example that works:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "http://www.example.com"
        ],
        "ExposeHeaders": []
    },
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

Note that the CORS XML tags are no longer required (they're implicit), and singular nouns appear to have become plural e.g. "AllowedMethod" has become "AllowedMethods", because in XML each tag represented a single entity while in JSON it represents multiple. So, defensible linguistically but not backwards-compatible.

jarmod
  • 71,565
  • 16
  • 115
  • 122