I'm working on a ELB monitoring application that I'd like to build with JS and host directly in S3. I have no experience of JS and I'm struggling to get to grips with CORS.
I have successfully created a build of the SDK for my browser (.html) which includes ELB API support.
I have integrated Amazon login (.html) with my script and I have attached it to an IAM WebIdentity role.
When I call
elb.describeInstanceHealth(elbRequestParams).on('success', describeInstanceHealthCallback).send();
I get an error in Javascript console
XMLHttpRequest cannot load 'elasticloadbalancing.eu-west-1.amazonaws/'. The request was redirected to 'aws.amazon/elasticloadbalancing', which is disallowed for cross-origin requests that require preflight.
I can't find any clear documentation that what I'm trying to do won't work, but, I'll admit I'm confused by some of the terms in the documentation and I have no experience of CORS in previous applications to fall back on. I would think the whole JS-SDK for the browser is a bit redundant if the majority of services aren't CORS aware and need to be.
I can get this working by disabling web-security in my Chrome browser, obviously this isn't a good workaround but would indicate to me that CORS is the issue.
Is anyone familiar with this approach, is it a problem that I'm hosting on S3, or, would I have this problem from any server? Should I be configuring my S3 bucket with CORS, or, is it that there's no CORS policy on the 'elasticloadbalancing.eu-west-1.amazonaws' endpoint?
Thanks
Andrew
I'm working on a ELB monitoring application that I'd like to build with JS and host directly in S3. I have no experience of JS and I'm struggling to get to grips with CORS.
I have successfully created a build of the SDK for my browser (http://docs.aws.amazon./AWSJavaScriptSDK/guide/browser-building.html) which includes ELB API support.
I have integrated Amazon login (http://docs.aws.amazon./AWSJavaScriptSDK/guide/browser-configuring-wif.html) with my script and I have attached it to an IAM WebIdentity role.
When I call
elb.describeInstanceHealth(elbRequestParams).on('success', describeInstanceHealthCallback).send();
I get an error in Javascript console
XMLHttpRequest cannot load 'elasticloadbalancing.eu-west-1.amazonaws./'. The request was redirected to 'aws.amazon./elasticloadbalancing', which is disallowed for cross-origin requests that require preflight.
I can't find any clear documentation that what I'm trying to do won't work, but, I'll admit I'm confused by some of the terms in the documentation and I have no experience of CORS in previous applications to fall back on. I would think the whole JS-SDK for the browser is a bit redundant if the majority of services aren't CORS aware and need to be.
I can get this working by disabling web-security in my Chrome browser, obviously this isn't a good workaround but would indicate to me that CORS is the issue.
Is anyone familiar with this approach, is it a problem that I'm hosting on S3, or, would I have this problem from any server? Should I be configuring my S3 bucket with CORS, or, is it that there's no CORS policy on the 'elasticloadbalancing.eu-west-1.amazonaws.' endpoint?
Thanks
Andrew
Share Improve this question asked Mar 4, 2014 at 12:46 Andrew TaylorAndrew Taylor 411 gold badge1 silver badge2 bronze badges 5- 1 how do you run this, running directly from s3? can you show the code that call elb.describeInstanceHealth(elbRequestParams).on('success', describeInstanceHealthCallback).send(); – wayne Commented Mar 4, 2014 at 12:54
- 1 Yes, it runs directly from S3. It's quite difficult to un-pick the specific code but it's essentially just define elb to be an instance of AWS.ELB() then call that line. If I disable CORS in my browser that line successfully pletes as expected. Is there some specific code you'd like to see? The callback perhaps? – Andrew Taylor Commented Mar 4, 2014 at 13:27
- CORS issue is annoying for sure, and they are not syntax error that is right or wrong, they can be different. Can you show the callback code and also full request header/detail from chrome devtool – wayne Commented Mar 4, 2014 at 13:37
- For clarity; AWS must support CORS header for ELB for my requests to work? If this is the case, is there a way to check that easily? Trying to find request/header detail now. – Andrew Taylor Commented Mar 4, 2014 at 13:49
- I think it is something to do with the region. what region is your s3 bucket and what region is your elb? non US region will have trouble using domain-style to access s3. you see the request elasticloadbalancing.eu-west-1.amazonaws./(domain style eu region) is redirect to aws.amazon./elasticloadbalancing (US region). no harm trying changing region setting. – wayne Commented Mar 4, 2014 at 13:53
1 Answer
Reset to default 6I have successfully created a build of the SDK for my browser (http://docs.aws.amazon./AWSJavaScriptSDK/guide/browser-building.html) which includes ELB API support.
The referenced page already provides the first clue towards the lack of CORS support for elasticloadbalancing.eu-west-1.amazonaws. you correctly suspect to be the cause here:
If you are working with the SDK outside of an environment that enforces CORS in your browser and want access to the full gamut of services provided by the AWS SDK for JavaScript, it is possible to build a custom copy of the SDK locally by cloning the repository and running the same build tools used to generate the default hosted version of the SDK.
That is, the main reason for the official AWS SDK for JavaScript in the Browser excluding all but the currently 5 services listed in section Supported Services within Working with Services in the Browser is their lack of CORS support:
It is possible to use the SDK with other services if CORS security checking is disabled in your environment. In this case, you can build your own custom version of the SDK. See the Building the SDK section of the guide for more information on how to create a custom build of the SDK.
Unfortunately neither Amazon EC2 nor Elastic Load Balancing currently offers CORS support, see e.g. this recent Feature Request (CORS support for EC2 service), where the author rightfully reaches the same conclusion as you did already (while also hinting on Node.js to be another major use case, which supports all available AWS services, see Working with Services in Node.js):
From my point of view if AWS is providing a aws-sdk-js library all AWS services supported by this library should support CORS so that the aws-sdk-js iibrary is not just useable in a node.js environment but also in a browser.
While I agree in principle and would have expected faster turnaround times on this myself, AWS is well known for an agile approach to product development, i.e. start early with a small feature set and improve over time based on customer feedback. Notably the SDK is labeled Developer Preview only, i.e. not even BETA yet and I'd hope this to be addressed in the future accordingly - admittedly this is easily overlooked and a more prominent warning might go a long way in sparing users the time to figure out this limitation by themselves.