Question

Your company is hosting a static website in S3. The code has recently been changed wherein Javascript calls are being made to the web pages in the same bucket via the Fully Qualified Domain Name.

But the browser is blocking the requests. What should be done to alleviate the issue?

A. Enable CORS on the bucket.

B. Enable versioning on the bucket.

C. Enable CRR on the bucket.

D. Enable encryption the bucket.

Answer 1

nswer - A.

Option B is incorrect because this is used to prevent accidental deletion of objects in S3.

Option C is incorrect because this is used for Cross-region replication of objects.

Option D is incorrect because this is used to encrypt objects at rest.

The AWS Documentation mentions the following.

Cross-Origin Resource Sharing: Use-case Scenarios.

The following are example scenarios for using CORS:

Scenario 1: Suppose you are hosting a website in an Amazon S3 bucket named website described in Hosting a Static Website on Amazon S3

Your users load the website endpoint http://website.s3-website-us-east-1.amazonaws.com.

Now you want to use JavaScript on the webpages stored in this bucket to make authenticated GET and PUT requests against the same bucket by using the Amazon S3 API endpoint for the bucket website.s3.amazonaws.com.

A browser would normally block JavaScript from allowing those requests, but with CORS you can configure your bucket to enable cross-origin requests from website.s3-website-us-east-1.amazonaws.com explicitly.

Scenario 2: Suppose that you want to host a web font from your S3 bucket.

Again, browsers require a CORS check (also called a preflight check) for loading web fonts.

You would configure the bucket that hosts the web font to allow any origin to make these requests.