• Resolved mwatson86

    (@mwatson86)


    Hi,

    Within your AWS S3 setup documentation where you set the CORS policy, you say to set AllowedOrigins to *, which from what I understand is insecure.

    If I was to set AllowedOrigins to the website which I am serving the assets from, should this cause any issues?

    Thanks

    • This topic was modified 5 years ago by mwatson86.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Media Cloud

    (@mediacloud)

    Yes, it should be fine to set the AllowedOrigins to your server, though don’t forget the subdomain variations.

    CORS is not really about server security. Origin spoofing is pretty trivial. And with S3, any request that could cause damage has to be signed and authenticated anyways.

    Plugin Author Media Cloud

    (@mediacloud)

    Also, we don’t really give support in these forums anymore. If you have any further questions or need help, we respond much quicker at https://talk.mediacloud.press/

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘AWS CORS Policy’ is closed to new replies.