Our website is having problems loading CSS and JS resources on a Amazon S3 bucket with the very latest version of Chromium (Version 33.0.1722.0 – 237596) and Chrome Canary.
It works well with any of the other browsers including the current Chrome (31.0.1650.57).
The error is:
Script from origin ‘https://mybucket.s3.amazonaws.com‘ has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://app.example.com‘ is therefore not allowed access.
Our S3 CORS configuration on the resource bucket is:
Is it a bug with Chromium?
Did something change on the latest CORS spec?
Add any query parameter such as
?cacheblock=true to the url, like so:
Instead of: https://somebucket.s3.amazonaws.com/someresource.pdf
The technical explanation I don’t have entirely down. But it is something like the following:
Including a query parameter will prevent the ‘misbehaving’ caching behavior in Chrome, causing Chrome to send out a fresh request for both the preflight request and the actual request, allowing the proper headers to be present on both requests, allowing S3 to respond properly. Approximately.