Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Troubleshooting CORS Issues

When you are accessing buckets set with the CORS configuration, if you encounter unexpected behavior, the following are some troubleshooting actions you can take:

  1. Verify that the CORS configuration is set on the bucket.

    For instructions, go to Editing Bucket Permissions in the Amazon Simple Storage Service Console User Guide. If you have the CORS configuration set, the console displays an Edit CORS Configuration link in the Permissions section of the Properties bucket.

  2. Capture the complete request and response using a tool of your choice. For each request Amazon S3 receives, there must exist one CORS rule matching the data in your request, as follows:

    1. Verify the request has the Origin header.

      If the header is missing, Amazon S3 does not treat the request as a cross-origin request and does not send CORS response headers back in the response.

    2. Verify that the Origin header in your request matches at least one of the AllowedOrigin elements in the specific CORSRule.

      The scheme, the host, and the port values in the Origin request header must match the AllowedOrigin in the CORSRule. For example, if you set the CORSRule to allow the origin, then both and origins in your request do not match the allowed origin in your configuration.

    3. Verify that the method in your request (or the method specified in the Access-Control-Request-Method in the case of a preflight request) is one of the AllowedMethod elements in the same CORSRule.

    4. For a preflight request, if the request includes an Access-Control-Request-Headers header, verify that the CORSRule includes the AllowedHeader entries for each value in the Access-Control-Request-Headers header.