CORS cross-domain and images

Question

CORS cross-domain and images

I am using AWS S3 and Cloudfront to deliver images to my sites / domains.

I was looking at AWS S3 CORS and I wanted to ask if I am restricting domains, this will restrict my other domains from accessing my images.

If I were to set the following in the Bucket, which contained images, it would stop other domains from accessing the images inside the bucket, or it would work differently under resources in CORS.

<AllowedOrigin>http://www.example.com</AllowedOrigin>

Basically, I would like to limit my images to only my sites.

Also I heard that you have to enable Cloudfront as another AllowedOrigin for this to work. Can anyone confirm this?

thank

+3

html cors amazon-s3 amazon-web-services amazon-cloudfront

Adam Apr 24 At 1:31 am

source to share

1 answer

datasage · Accepted Answer · 2015-04-24T05:39:52+0000

CORS is a browser enforced policy. This will not prevent users from downloading images from your cloud distribution.

You have two options.

Make all your files private and provide access via signed URLs. However Cloudfront does not cache images at all in this case.
Another option is to set up cloud mode to forward all headers and use a bucket policy to restrict access based on referrers. You can work around this, but it will prevent most accidental hotlinks.

CORS cross-domain and images

More articles: