How to configure CORS on S3 Bucket to enable access via ReplayWeb.Page

Help! ReplayWeb.page
1

Hello all,

I’d like to be able to share web archives stored in a public S3 Bucket via https://replayweb.page/ but I’m having difficulty configuring the permissions in the Console.

Specifically, I’m struggling to define the rules in the Bucket Policy and Cross-origin resource sharing (CORS) entry fields.

I’ve input the following:

  1. Bucket Policy
{
    "Version": "2012-10-17",
    "Id": "Policy1612453220504",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<BucketName>/<FileName>.warc"
        }
    ]
}
  1. Cross-origin resource sharing (CORS)
[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "https://replayweb.page"
        ],
        "ExposeHeaders": []
    }
]

Alas, no luck yet. Wonder if anyone can help/offer any guidance?

Thank you! Anisa

1 Like
2

the following works for me https://replayweb.page/?source=https://warcs.s3-eu-west-1.amazonaws.com/check-tor.wacz

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "https://replayweb.page"
        ],
        "ExposeHeaders": []
    }
]

try with AllowedHeaders": ["*"]

1 Like
3

ciao @Anisa
i’ve seen your question in the call

maybe the problem is not only CORS, but the object that is not public (or the IAM policy is not correctly applied).
would you mind to check if you can reach the public object url?
or try to Make Public from Object Actions

unfortunately AWS introduce a lot of friction also for a simple thing like this, publishing on HTTP

s3
s31302×565 54.8 KB

1 Like
4

Here is the bucket policy I use on DigitalOcean as XML.
I think the ExposeHeaders are necessary to be able to load range requests:

 <CORSConfiguration
xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
	<AllowedMethod>GET</AllowedMethod>
	<AllowedMethod>HEAD</AllowedMethod>
	<AllowedOrigin>*</AllowedOrigin>
	<AllowedHeader>*</AllowedHeader>
	<ExposeHeader>Content-Range</ExposeHeader>
	<ExposeHeader>Content-Encoding</ExposeHeader>
	<ExposeHeader>Content-Length</ExposeHeader>
</CORSRule>
5

For this setting, you can try:

"ExposeHeaders": ["Content-Range", "Content-Encoding", "Content-Length"]

@Anisa hopefully this works, and we should definitely add it to the docs so that everyone using S3-like storage has these settings!

1 Like
6

I found that you need the MaxAgeSeconds element otherwise I got a malformed xml error:

This is what worked for me:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <CORSRule>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedHeader>*</AllowedHeader>
    <ExposeHeader>Content-Range</ExposeHeader>
    <ExposeHeader>Content-Encoding</ExposeHeader>
    <ExposeHeader>Content-Length</ExposeHeader>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
  </CORSRule>
</CORSConfiguration>