CORS cross-domain and images

I am using AWS S3 and Cloudfront to deliver images to my sites / domains.

I was looking at AWS S3 CORS and I wanted to ask if I am restricting domains, this will restrict my other domains from accessing my images.

If I were to set the following in the Bucket, which contained images, it would stop other domains from accessing the images inside the bucket, or it would work differently under resources in CORS.



Basically, I would like to limit my images to only my sites.

Also I heard that you have to enable Cloudfront as another AllowedOrigin for this to work. Can anyone confirm this?



source to share

1 answer

CORS is a browser enforced policy. This will not prevent users from downloading images from your cloud distribution.

You have two options.

  • Make all your files private and provide access via signed URLs. However Cloudfront does not cache images at all in this case.

  • Another option is to set up cloud mode to forward all headers and use a bucket policy to restrict access based on referrers. You can work around this, but it will prevent most accidental hotlinks.



All Articles