Score:1

Cloudfront security headers causes CORS issues

cn flag

I have two different Vue.JS apps deployed to AWS S3 + Cloudfront. The first has the domain set up in Route53, while the second has the domain set up in Google's domain service.

Both of the apps works completely fine. Recently I tried using the cloudfront predefined security headers under the "behavior" settings:

enter image description here

The header policy has all of the following:

enter image description here

The first app (with the domain configured in Route53) continues to work perfectly fine, but for the second app I started getting CORS issues.

enter image description here

This boggles the mind a little bit, because I'm getting CORS errors from within the same domain.

enter image description here

cn flag
I think it's complaining about your scripts not having the right MIME type (expects `application/javascript`). Does this help? https://stackoverflow.com/a/67928269
Carel avatar
cn flag
@LouisWaweru - This is a Vue.JS single page application with no manually linked js files - the whole thing compiles into an `index.html` file and a bunch of js and css files when it's built, all handled by the vue CLI. Inspecting the `index.html` file shows that the generated script files are added with: `<script src="/js/app.ecba88eb.js"></script>`. Just to be sure, I manually added `type="application/javascript"` and updated S3 and invalidated the cloudfront cache, but I'm still getting the same result.
Carel avatar
cn flag
@LouisWaweru - wait, I only read your message before and somehow missed the link you provided. There is hope, I am attempting this now.
Carel avatar
cn flag
@LouisWaweru yes that's it, it works, unbelievable
Score:2
cn flag

I think it's complaining about your scripts not having the right MIME type (expects application/javascript). Does this help?

manually change the system-defined content-type in the S3 console for the individual js objects from text/plain to application/javascript, then make sure the cache was invalidated and refreshed

source: schquestionasker

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.