How to configure CORS on S3 Bucket to enable access via ReplayWeb.Page

Anisa · February 4, 2021, 5:41pm

Hello all,

I’d like to be able to share web archives stored in a public S3 Bucket via https://replayweb.page/ but I’m having difficulty configuring the permissions in the Console.

Specifically, I’m struggling to define the rules in the Bucket Policy and Cross-origin resource sharing (CORS) entry fields.

I’ve input the following: 1. Bucket Policy

{
“Version”: “2012-10-17”,
“Id”: “Policy1612453220504”,
“Statement”: [
{
“Sid”: “AddPerm”,
“Effect”: “Allow”,
“Principal”: {
“AWS”: “*”
},
“Action”: “s3:GetObject”,
“Resource”: “arn:aws:s3:::/.warc”
}
]
}

Cross-origin resource sharing (CORS)

[
{
“AllowedHeaders”: [],
“AllowedMethods”: [
“GET”,
“PUT”,
“POST”,
“DELETE”
],
“AllowedOrigins”: [
“https://replayweb.page”
],
“ExposeHeaders”: []
}
]

Alas, no luck yet. Wonder if anyone can help/offer any guidance?

Thank you! Anisa

raffaele · February 5, 2021, 2:46pm

the following works for me https://replayweb.page/?source=https://warcs.s3-eu-west-1.amazonaws.com/check-tor.wacz

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "https://replayweb.page"
        ],
        "ExposeHeaders": []
    }
]

try with AllowedHeaders": ["*"]

raffaele · February 16, 2021, 7:45pm

ciao @Anisa
i’ve seen your question in the call

maybe the problem is not only CORS, but the object that is not public (or the IAM policy is not correctly applied).
would you mind to check if you can reach the public object url?
or try to Make Public from Object Actions

unfortunately AWS introduce a lot of friction also for a simple thing like this, publishing on HTTP

ilya · February 16, 2021, 7:57pm

Here is the bucket policy I use on DigitalOcean as XML.
I think the ExposeHeaders are necessary to be able to load range requests:

 <CORSConfiguration
xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
	<AllowedMethod>GET</AllowedMethod>
	<AllowedMethod>HEAD</AllowedMethod>
	<AllowedOrigin>*</AllowedOrigin>
	<AllowedHeader>*</AllowedHeader>
	<ExposeHeader>Content-Range</ExposeHeader>
	<ExposeHeader>Content-Encoding</ExposeHeader>
	<ExposeHeader>Content-Length</ExposeHeader>
</CORSRule>

ilya · February 16, 2021, 8:00pm

For this setting, you can try:

"ExposeHeaders": ["Content-Range", "Content-Encoding", "Content-Length"]

@Anisa hopefully this works, and we should definitely add it to the docs so that everyone using S3-like storage has these settings!