Skip to content

bug: S3 CORS is not honoring subdomain * syntax #10090

New issue
New issue
Closed
#10365
Closed
bug: S3 CORS is not honoring subdomain * syntax#10090
#10365
Labels
aws:s3Amazon Simple Storage Servicestatus: in progressCurrently being worked ontype: bugBug report
@samesfahani-tuplehealth

Description

@samesfahani-tuplehealth
samesfahani-tuplehealth
opened on Jan 19, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Local bucket's CORS policy:

$ aws s3api get-bucket-cors --bucket foo --endpoint-url=http://localhost:4566                                                          
{
    "CORSRules": [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "PUT"
            ],
            "AllowedOrigins": [
                "http://*.example.com",
                "https://app.localstack.cloud",
                "http://app.localstack.cloud"
            ]
        }
    ]
}

Doing OPTIONS preflight through curl:
curl -v --request OPTIONS 'http://127.0.0.1:4566/foo/' -H 'Origin: http://subd.example.com' -H 'Access-Control-Request-Method: GET'

Returns:

< HTTP/1.1 403 
< Content-Type: application/xml
< Content-Length: 534
< x-amz-request-id: 2432170e-f270-42a8-91fe-2b8415cada4a
< x-amz-id-2: s9lzHYrFp76ZVxRcpX9+5cjAnEH2ROuNkd2BHfIa6UkFVdtjf5mKR3/eTPFvsiP/XV/VLi31234=
< Connection: close
< date: Fri, 19 Jan 2024 20:26:37 GMT
< server: hypercorn-h11
< 
<?xml version='1.0' encoding='utf-8'?>
* Closing connection
<Error><Code>AccessForbidden</Code><Message>CORSResponse: This CORS request is not allowed. This is usually because the evalution of Origin, request method / Access-Control-Request-Method or Access-Control-Request-Headers are not whitelisted by the resource's CORS spec.</Message><RequestId>2432170e-f270-42a8-91fe-2b8415cada4a</RequestId><HostId>9Gjjt1m+cjU4OPvX9O9/8RuvnG41MRb/18Oux2o5H5MY7ISNTlXN+Dz9IG62/ILVxhAGI0qyPfg=</HostId><Method>GET</Method><ResourceType>OBJECT</ResourceType></Error>%

Expected Behavior

Would expect an OPTIONS call to e.g. http://subd.example.com to return 200 OK. I have tested this against real S3 and this works.

Documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html#cors-allowed-origin

How are you starting LocalStack?

With a docker-compose file

Steps To Reproduce

See above.

Environment

- OS: macOS Sonoma 14.2.1
- LocalStack: latest

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    aws:s3Amazon Simple Storage Servicestatus: in progressCurrently being worked ontype: bugBug report

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions