search

bbc / digital-paper-edit-api

Work in progress - BBC News Labs digital paper edit project - Express server API
Other
0 stars 4 forks source link

S3 cross origin issue for demo media bucket #21

Closed pietrop closed 5 years ago

pietrop commented 5 years ago

Describe the bug Video context preview doesn't work on branch x when in local dev, serving media from S3.

Access to video at 'https://digital-paper-edit-demo.s3.eu-west-2.amazonaws.com/PBS-Frontline/The+Facebook+Dilemma+-+interviews/The+Facebook+Dilemma+-+Nathaniel+Gleicher-F0ykdaOck_M.mp4' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

To Reproduce Steps to reproduce the behavior:

Expected behavior For video context to play without cross origin issues

Additional context There's a chance this might just be due to the server running on localhost and S3 rejecting that?

current S3 demo bucket config

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

Note that the S3 demo bucket is not the same as the S3 bucket used in cloud formation for the app.

pietrop commented 5 years ago

to add to the mystery, I packaged the app in electron, and there it seems work fine there...

PTaylour commented 5 years ago

re your additional context

https://stackoverflow.com/questions/10883211/deadly-cors-when-http-localhost-is-the-origin/10892392#10892392

Have you tried on other browsers?

pietrop commented 5 years ago

ah interesting

Chrome ]does not support localhost for CORS requests](https://bugs.chromium.org/p/chromium/issues/detail?id=67743) (a bug opened in 2010, marked WontFix in 2014).

To get around this you can use a domain like lvh.me (which points at 127.0.0.1 just like localhost) or start chrome with the --disable-web-security flag (assuming you're just testing).

yes! thanks! it works in Firefox!