CORS problems with Amazon S3 on the latest Chomium and Google Canary


Our website is having problems loading CSS and JS resources on a Amazon S3 bucket with the very latest version of Chromium (Version 33.0.1722.0 – 237596) and Chrome Canary.
It works well with any of the other browsers including the current Chrome (31.0.1650.57).

The error is:

Script from origin ‘‘ has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘‘ is therefore not allowed access.

Our S3 CORS configuration on the resource bucket is:

Is it a bug with Chromium?
Did something change on the latest CORS spec?


Add any query parameter such as ?cacheblock=true to the url, like so:

Instead of:


The technical explanation I don’t have entirely down. But it is something like the following:

Including a query parameter will prevent the ‘misbehaving’ caching behavior in Chrome, causing Chrome to send out a fresh request for both the preflight request and the actual request, allowing the proper headers to be present on both requests, allowing S3 to respond properly. Approximately.

Leave a Reply