aws-solutions / real-time-web-analytics-with-kinesis

AWS Solution with a CloudFormation template used to deploy a Kinesis Analytics application, an optional web server for generating web usage data, and a Cognito-authenticated dashboard for viewing web analytics in real time.

Solution unusable in modern browsers because of missing Access-Control-Allow-Headers #6

Open pajel opened 4 years ago

pajel commented 4 years ago

I've successfully deployed this solution to an AWS account. Tests with the provided Python script or simple curl work fine; the dashboard shows data coming in.

However, if you add the JavaScript beacon code below (taken from AWS documentation) to your site, all modern browsers will refuse to send the metrics because of CORS issues.

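```javascript
var url = beacon_url; // from Outputs section of CloudFormation stack
var http = new XMLHttpRequest();
http.open("POST", url);
// Custom request headers make this a non-simple request, so the browser sends a CORS preflight first
http.setRequestHeader("event", "click");
http.setRequestHeader("page", "productpage.html");
http.setRequestHeader("clientid", "user123");
http.send();
```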

Error in Firefox: Access to XMLHttpRequest at 'http://<beacon_url>/' from origin 'https://<my_site>' has been blocked by CORS policy: Request header field page is not allowed by Access-Control-Allow-Headers in preflight response.

Proposed fix: the solution's web servers need to respond to JavaScript's preflight requests with a correct Access-Control-Allow-Headers, which needs to enumerate all allowed headers.
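
The fix proposed above, sketched as an added example that is not part of the original post or the solution's own server code: a preflight handler that enumerates the three beacon headers instead of reflecting whatever the browser requests. The function names, the origin allowlist and the sample origin are assumptions made for illustration.

```javascript
// Added example (hypothetical helper names, not the solution's code).
// Header names come from the beacon snippet in the issue.
const ALLOWED_HEADERS = ["event", "page", "clientid"];
// Constructed sample origin; replace with the site that embeds the beacon.
const ALLOWED_ORIGINS = new Set(["https://shop.example.com"]);

// Decide the response to a CORS preflight (OPTIONS) request.
// reqHeaders uses lower-cased header names, as Node's http module provides them.
function preflightResponse(reqHeaders) {
  const origin = reqHeaders["origin"];
  const method = reqHeaders["access-control-request-method"];
  if (!origin || !ALLOWED_ORIGINS.has(origin) || method !== "POST") {
    return { status: 403, headers: {} }; // no CORS headers: browser blocks the call
  }
  // Browsers send the requested header names comma-separated.
  const requested = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  // Reject names outside the fixed list rather than echoing them back.
  if (requested.some((h) => !ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers: {} };
  }
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": "POST",
      "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
      "Access-Control-Max-Age": "600",
      "Vary": "Origin", // response differs per origin, so caches must key on it
    },
  };
}

// The POST that follows the preflight also needs the origin header,
// otherwise the browser reports the completed request as failed.
function actualResponseHeaders(origin) {
  return ALLOWED_ORIGINS.has(origin)
    ? { "Access-Control-Allow-Origin": origin, "Vary": "Origin" }
    : {};
}
```
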

aijunpeng commented 4 years ago

We have added your request to our solution backlog items and it will be fixed in future solution releases. We thank you for your contribution.