Getting S3 CORS Access-Control-Allow-Origin to dynamically echo requesting domain

Question

How can I set the S3 CORS AllowedOrigin configuration such that it dynamically echos the requesting domain in the Access-Control-Allow-Origin heade

Answer 1

AWS's CORS documentation does not document this, but I managed to get the answer in a thread on AWS Developer Forums, where I found that AWS changed the original behavior of echoing the requesting domain if * is being used for AllowedOrigin.

To get S3 to dynamically echo the requesting domain, AllowedOrigin has to be set as such:

<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>

Answer 2

For me it seemed to be some kind of caching issue (even though I was not using cloudfront, only S3). Appending a random parameter to the URL fixed the issue for me, e.g.

https://s3-amazon.com/bucket/file.jpg?d=3243253456346

I also had the following CORS settings in S3:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>http://*</AllowedOrigin>
        <AllowedOrigin>https://*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>