R2 CORS stopped working for me

ilyabo · October 25, 2023, 7:36pm

I set up CORS for my R2 buckets and it was were working fine with pre-signed URLs. But today it suddenly stopped working without me changing anything. I am getting the same error in two different buckets:

Access to XMLHttpRequest at 'https://---.r2.cloudflarestorage.com/..' from origin 'http://localhost:4444' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I tried updating the policy to include ExposeHeaders, it didn’t help:

[
{
“AllowedOrigins”: [
“*”
],
“AllowedMethods”: [
“GET”,
“PUT”
],
“AllowedHeaders”: [
“Content-Type”,
“Content-Language”,
“Content-Encoding”,
“Content-Disposition”,
“X-Amz-Acl”
],
“ExposeHeaders”: [
“Content-Type”,
“Access-Control-Allow-Origin”,
“ETag”,
“Cache-Control”,
“Content-Disposition”,
“Content-Encoding”,
“Expires”
]
}
]

I also tried creating a new bucket and setting up the CORS policy again. Didn’t help either.

Does anyone experience the same issue?

ilyabo · October 25, 2023, 9:06pm

Turns out that the issue was that my R2 API token for S3 expired. I created a new one and updated them in the app, now it works again.
But it was really hard to find the cause of the problem, because the URL signing still worked (I used getSignedUrl from @aws-sdk/s3-request-presigner). It generated download urls, but these URLs didn’t include Access-Control-Allow-Origin in response headers. It would have been much more obvious if the singing was failing instead.

system · October 28, 2023, 9:06pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.