search

awslabs / speke-reference-server

Secure Packager and Encoder Key Exchange (SPEKE) is part of the AWS Elemental content encryption protection strategy for media services customers. SPEKE defines the standard for communication between our media services and digital rights management (DRM) system key servers. This project provides the basic framework that partners can specialize and extend to support their specific method of Digital Rights Management while utilizing AWS' video streaming solutions.
https://docs.aws.amazon.com/speke/latest/documentation/what-is-speke.html
Apache License 2.0
108 stars 48 forks source link

Missing Cloudfront cache behavior config for CORS #37

Open giubil opened 4 years ago

giubil commented 4 years ago

As per the Cloudfront documentation you need to add the Origin header to the whitelisted Headers on the default cache behavior. Otherwise, the requests will be missing the CORS headers when served from cache.

Example requests : Hit from cache : 

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: binary/octet-stream
< content-length: 16
< date: Wed, 08 Apr 2020 16:09:54 GMT
< last-modified: Tue, 31 Mar 2020 00:17:31 GMT
< etag: "59493f9fbd62894c3a89cccfee7457c7"
< x-amz-server-side-encryption: AES256
< accept-ranges: bytes
< server: AmazonS3
< x-cache: Hit from cloudfront

Miss from cache: 

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: binary/octet-stream
< content-length: 16
< date: Wed, 08 Apr 2020 16:10:58 GMT
< access-control-allow-origin: *
< access-control-allow-methods: GET
< access-control-max-age: 3000
< last-modified: Tue, 31 Mar 2020 00:17:31 GMT
< etag: "59493f9fbd62894c3a89cccfee7457c7"
< x-amz-server-side-encryption: AES256
< accept-ranges: bytes
< server: AmazonS3
< x-cache: Miss from cloudfront

Hit from cache after whitelisting Origin : 

* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< content-type: binary/octet-stream
< content-length: 16
< date: Wed, 08 Apr 2020 16:12:32 GMT
< access-control-allow-origin: *
< access-control-allow-methods: GET
< access-control-max-age: 3000
< last-modified: Tue, 31 Mar 2020 00:17:31 GMT
< etag: "59493f9fbd62894c3a89cccfee7457c7"
< x-amz-server-side-encryption: AES256
< accept-ranges: bytes
< server: AmazonS3
< x-cache: Hit from cloudfront
JimTharioAmazon commented 4 years ago

Thank you. I have an example from another template we can reuse here for CloudFormation header pass-thru.