Amazon AWS S3 and CORS

In order for Javascript to be able to access items stored in an Amazon S3 bucket, the bucket needs to have a Cross-Origin Request Sharing (CORS) file in it.

Based on CORS with CloudFront, it looks like at this point the S3 buckets start out with a CORS configuration file with a wildcard alloworigin configuration: <AllowedOrigin>*</AllowedOrigin>. At least the one with our streams does and I’m fairly sure I didn’t put it there.

Just updated it to limit requests to our web domain: <AllowedOrigin>*our-site.com</AllowedOrigin>.