Amazon S3 selectively sends CORS response headers based on the request headers. If a browser requests a URL without a CORS request header, an edge server will cache the response from Amazon S3, which does not have the CORS header.

It can be worked around by using one of the following HTTP Rules:

  • Fake a CORS request to Amazon S3:
  1. Go to your Control Panel > CDN > Resources menu.
  2. On the page that appears, click the label of the required CDN resource.
  3. On the following page, click the HTTP Caching Rules tab.
  4. Click the Create New Rules button.
  5. In the Conditions table, in the Connective column, click the drop-down list and select if, and in the Subject column, click the drop-down list and select Default.
  6.  In the Actions table, in the Header column, specify Origin, and in the Value column, enter origindomain.com.
  7. In the Conditions table, click .
  8. In the Conditions table, in the Connective column, click the drop-down list and select and, and in the Subject column, click the drop-down list and select Default.
  9. In the Actions table, in the Header column, enter Access-Control-Request-Method, and in the Value column, specify GET.

     OR

  • Send a CORS response to the client:
  1. Go to your Control Panel > CDN > Resources menu.
  2. On the page that appears, click the label of the required CDN resource.
  3. On the following page, click the HTTP Caching Rules tab.
  4. Click the Create New Rules button.
  5. In the Conditions table, in the Connective column, click the drop-down list and select if, and in the Subject column, click the drop-down list and select Default.
  6. In the Actions table, in the Header column, specify Access-Control-Allow-Origin, and in the Value column, add *.
  7. In the Conditions table, click .
  8. In the Conditions table, in the Connective column, click the drop-down list and select and, and in the Subject column, click the drop-down list and select Default.
  9. In the Actions table, in the Header column, specify Access-Control-Allow-Methods, and in the Value column, enter GET.
  10. In the Conditions table, click .
  11. In the Conditions table, in the Connective column, click the drop-down list and select and, and in the Subject column, click the drop-down list and select Default.
  12. In the Actions table, in the Header column, specify Access-Control-Max-Age, and in the Value column, enter 3000.