{"id":22127784,"url":"https://github.com/sashee/signed_urls_cors","last_synced_at":"2026-05-09T16:12:45.406Z","repository":{"id":138843035,"uuid":"227640399","full_name":"sashee/signed_urls_cors","owner":"sashee","description":"Testing different configurations of domains and CORS headers when redirecting to an S3 signed URL","archived":false,"fork":false,"pushed_at":"2020-04-18T07:25:29.000Z","size":64,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-09-23T07:34:41.744Z","etag":null,"topics":["aws","cloudfront","cors"],"latest_commit_sha":null,"homepage":"https://advancedweb.hu/how-to-solve-cors-problems-when-redirecting-to-s3-signed-urls/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sashee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-12-12T15:41:46.000Z","updated_at":"2020-04-18T14:41:08.000Z","dependencies_parsed_at":"2023-03-19T17:35:54.207Z","dependency_job_id":null,"html_url":"https://github.com/sashee/signed_urls_cors","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sashee/signed_urls_cors","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sashee%2Fsigned_urls_cors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sashee%2Fsigned_urls_cors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sashee%2Fsigned_urls_cors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sashee%2Fsigned_urls_cors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sashee","download_url":"https://codeload.github.com/sashee/signed_urls_cors/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sashee%2Fsigned_urls_cors/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281625157,"owners_count":26533338,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-29T02:00:06.901Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cloudfront","cors"],"created_at":"2024-12-01T17:21:02.124Z","updated_at":"2025-10-29T12:44:21.551Z","avatar_url":"https://github.com/sashee.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# This is demonstration code to see what bucket CORS configurations work when using a HTTP redirect\n\nTo learn more, see [this blog post](https://advancedweb.hu/how-to-solve-cors-problems-when-redirecting-to-s3-signed-urls/).\n\n## How to use\n\n* ```terraform init```\n* ```terraform apply```\n* open the resulting URL\n* ```terraform destroy```\n\n## How it works\n\nIt creates a website that calls an API which redirects to URLs in different buckets.\n\nThe buckets are configured in 3 way:\n\n* No CORS configuration\n* Allows ```*```\n* Allows ```null```\n\nThe Lambda function also returns one of 3 configurations of CORS headers:\n\n* No CORS headers\n* Access-Control-Allow-Origin: *\n* Access-Control-Allow-Origin: \u003corigin\u003e, Access-Control-Allow-Credentials: true\n\nAnd finally, the backend call can be:\n\n* On the same domain (/api)\n* On a different domain\n* On a different domain with {credentials: \"include\"} set\n\nThis gives 3x3x3=27 possible configurations. A HTTP request is sent by the browser to read the contents of a file and it reports whether it is successful or not.\n\nHere are the results:\n\n![](docs/result.png)\n\nNote: I noticed that some requests are stuck in \"pending\" state. This is probably due to an extension I'm using as it works in incognito mode.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsashee%2Fsigned_urls_cors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsashee%2Fsigned_urls_cors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsashee%2Fsigned_urls_cors/lists"}