Ryfujk

Bash - pair each line of file

Is it possible to stack the damage done by the Absorb Elements spell?

Is it true that good novels will automatically sell themselves on Amazon (and so on) and there is no need for one to waste time promoting?

Does the attack bonus from a Masterwork weapon stack with the attack bonus from Masterwork ammunition?

Synchronized implementation of a bank account in Java

What is the term when voters “dishonestly” choose something that they do not want to choose?

How can an organ that provides biological immortality be unable to regenerate?

What does Jesus mean regarding "Raca," and "you fool?" - is he contrasting them?

Brake pads destroying wheels

Optimising a list searching algorithm

What is the significance behind "40 days" that often appears in the Bible?

Existence of a celestial body big enough for early civilization to be thought of as a second moon

Would it be believable to defy demographics in a story?

Light propagating through a sound wave

In Aliens, how many people were on LV-426 before the Marines arrived​?

Suggestions on how to spend Shaabath (constructively) alone

Do US professors/group leaders only get a salary, but no group budget?

What can I do if I am asked to learn different programming languages very frequently?

Asserting that Atheism and Theism are both faith based positions

How to define limit operations in general topological spaces? Are nets able to do this?

Writing in a Christian voice

What does Deadpool mean by "left the house in that shirt"?

A Ri-diddley-iley Riddle

Can you move over difficult terrain with only 5 feet of movement?

Why CloudFront does not return Access-Control-Allow-Origin?

Setting Access-Control-Allow-Origin on CloudfrontWebfont won't load through CloudFront even with Access-Control-Allow-Origin set in the serverCloudfront - Failed to contact the originSetting Access-Control-Allow-Origin on CloudfrontAWS CloudFront Limit Origin AccessAccess-Control-Allow-Origin header missing from a responseCache-Control not working in AWS S3 object MetadataChrome S3 Cloudfront: No 'Access-Control-Allow-Origin' header on initial XHR requestAWS S3, CloudFront, web font CORS errorIs it possible to avoid costs for invalid requests at AWS S3 or cloudfront during a DDoS attack?CloudFront does not handle “Origin Path” and origin redirections well

1

I'm trying to figure out why cloudfront distribution does not cache / send through access-control-allow-origin.

When I curl my website:

HTTP/1.1 200 OK

Date: Sat, 03 Mar 2018 07:42:01 GMT

Content-Type: application/font-woff2

Content-Length: 77160

Connection: keep-alive

Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly

Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT

ETag: "5a98be8c-12d68"

Access-Control-Allow-Origin: *

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 11:42:01 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f5a76ca7ddd3b50-YVR

but when I curl cloudfront file:

    HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 66624

Connection: keep-alive

Date: Sat, 03 Mar 2018 03:13:25 GMT

Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT

ETag: "56ca340a-10440"

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 07:13:25 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f58ed5738b09668-SJC

X-Cache: RefreshHit from cloudfront

Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront)

X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

In "Edit Behavior" for "Cache Based on Selected Request Headers" I've added whitelist
for Origin and Access-Control-Allow-Origin

I've also invalidated Object several times, as well I was waiting for the progress to finish on the distribution.

I'm not using S3.

I've also checked Setting Access-Control-Allow-Origin on Cloudfront

but it didn't help me.

Any advice is appreciated.

Distribution Settings

amazon-cloudfront

share|improve this question

edited Mar 3 '18 at 7:43

user1371169

asked Mar 2 '18 at 20:10

user1371169user1371169

62

bumped to the homepage by Community♦ 30 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It looks like you have CloudFront pointing to Cloudflare, and you aren't getting the expected header back from Cloudflare, so you need to troubleshoot there. If the header is in the response, CloudFront will return it.
  
  – Michael - sqlbot
  Mar 2 '18 at 23:31
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I've updated my post, somehow copy pasted wrong output at first, sorry about it. You can see there that I'm actually getting Access-Control-Allow-Origin but not via cloudfront
  
  – user1371169
  Mar 3 '18 at 22:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You say you have invalidated the object "multiple times" but you definitely had not successfully invalidated it when you captured this response -- otherwise RefreshHit from cloudfront would not happen. You need to invalidate exactly what the browser is requesting, or just invalidate /*.
  
  – Michael - sqlbot
  Mar 3 '18 at 23:22
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I keep getting hits because I have a lot of traffic on my website. I've done exactly * for clear it all. Is it possible that I have to set distribution or some other settings different in cloudfront?
  
  – user1371169
  Mar 4 '18 at 4:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Are you sending an Origin header when you test? curl -v -H 'Origin: http://example.com' http://example.org/my/path?
  
  – Michael - sqlbot
  Mar 4 '18 at 4:39
  

  
  
  
  

 | 
show 1 more comment

1

I'm trying to figure out why cloudfront distribution does not cache / send through access-control-allow-origin.

When I curl my website:

HTTP/1.1 200 OK

Date: Sat, 03 Mar 2018 07:42:01 GMT

Content-Type: application/font-woff2

Content-Length: 77160

Connection: keep-alive

Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly

Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT

ETag: "5a98be8c-12d68"

Access-Control-Allow-Origin: *

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 11:42:01 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f5a76ca7ddd3b50-YVR

but when I curl cloudfront file:

    HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 66624

Connection: keep-alive

Date: Sat, 03 Mar 2018 03:13:25 GMT

Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT

ETag: "56ca340a-10440"

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 07:13:25 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f58ed5738b09668-SJC

X-Cache: RefreshHit from cloudfront

Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront)

X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

In "Edit Behavior" for "Cache Based on Selected Request Headers" I've added whitelist
for Origin and Access-Control-Allow-Origin

I've also invalidated Object several times, as well I was waiting for the progress to finish on the distribution.

I'm not using S3.

I've also checked Setting Access-Control-Allow-Origin on Cloudfront

but it didn't help me.

Any advice is appreciated.

Distribution Settings

amazon-cloudfront

share|improve this question

edited Mar 3 '18 at 7:43

user1371169

asked Mar 2 '18 at 20:10

user1371169user1371169

62

bumped to the homepage by Community♦ 30 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It looks like you have CloudFront pointing to Cloudflare, and you aren't getting the expected header back from Cloudflare, so you need to troubleshoot there. If the header is in the response, CloudFront will return it.
  
  – Michael - sqlbot
  Mar 2 '18 at 23:31
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I've updated my post, somehow copy pasted wrong output at first, sorry about it. You can see there that I'm actually getting Access-Control-Allow-Origin but not via cloudfront
  
  – user1371169
  Mar 3 '18 at 22:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  You say you have invalidated the object "multiple times" but you definitely had not successfully invalidated it when you captured this response -- otherwise RefreshHit from cloudfront would not happen. You need to invalidate exactly what the browser is requesting, or just invalidate /*.
  
  – Michael - sqlbot
  Mar 3 '18 at 23:22
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I keep getting hits because I have a lot of traffic on my website. I've done exactly * for clear it all. Is it possible that I have to set distribution or some other settings different in cloudfront?
  
  – user1371169
  Mar 4 '18 at 4:34
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Are you sending an Origin header when you test? curl -v -H 'Origin: http://example.com' http://example.org/my/path?
  
  – Michael - sqlbot
  Mar 4 '18 at 4:39
  

  
  
  
  

 | 
show 1 more comment

I'm trying to figure out why cloudfront distribution does not cache / send through access-control-allow-origin.

When I curl my website:

HTTP/1.1 200 OK

Date: Sat, 03 Mar 2018 07:42:01 GMT

Content-Type: application/font-woff2

Content-Length: 77160

Connection: keep-alive

Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly

Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT

ETag: "5a98be8c-12d68"

Access-Control-Allow-Origin: *

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 11:42:01 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f5a76ca7ddd3b50-YVR

but when I curl cloudfront file:

    HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 66624

Connection: keep-alive

Date: Sat, 03 Mar 2018 03:13:25 GMT

Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT

ETag: "56ca340a-10440"

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 07:13:25 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f58ed5738b09668-SJC

X-Cache: RefreshHit from cloudfront

Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront)

X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

In "Edit Behavior" for "Cache Based on Selected Request Headers" I've added whitelist
for Origin and Access-Control-Allow-Origin

I've also invalidated Object several times, as well I was waiting for the progress to finish on the distribution.

I'm not using S3.

I've also checked Setting Access-Control-Allow-Origin on Cloudfront

but it didn't help me.

Any advice is appreciated.

Distribution Settings

amazon-cloudfront

share|improve this question

edited Mar 3 '18 at 7:43

user1371169

asked Mar 2 '18 at 20:10

user1371169user1371169

62

HTTP/1.1 200 OK

Date: Sat, 03 Mar 2018 07:42:01 GMT

Content-Type: application/font-woff2

Content-Length: 77160

Connection: keep-alive

Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly

Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT

ETag: "5a98be8c-12d68"

Access-Control-Allow-Origin: *

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 11:42:01 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f5a76ca7ddd3b50-YVR

    HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 66624

Connection: keep-alive

Date: Sat, 03 Mar 2018 03:13:25 GMT

Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT

ETag: "56ca340a-10440"

CF-Cache-Status: HIT

Expires: Sat, 03 Mar 2018 07:13:25 GMT

Cache-Control: public, max-age=14400

Accept-Ranges: bytes

Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Server: cloudflare

CF-RAY: 3f58ed5738b09668-SJC

X-Cache: RefreshHit from cloudfront

Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront)

X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

share|improve this question

edited Mar 3 '18 at 7:43

user1371169

asked Mar 2 '18 at 20:10

user1371169user1371169

62

share|improve this question

edited Mar 3 '18 at 7:43

user1371169

asked Mar 2 '18 at 20:10

user1371169user1371169

62

asked Mar 2 '18 at 20:10

user1371169user1371169

62

asked Mar 2 '18 at 20:10

user1371169user1371169

62

1 Answer
1

active

oldest

votes

0

Try purging your Cloudfront cache before retesting - the entire response is cached, including headers. I'm guessing what happened is:

1. ACAO for CF was turned off


2. curl made to CF - pulled response without ACAO into cache


3. setting was changed to enable ACAO


4. request was made - HIT in CF so the setting change was not reflected.

As a result, if you purge the cache and retry, you will get a new cache object generated with the proper headers.

share|improve this answer

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hey Brennen, what is ACAO and how it can be turned off?
  
  – user1371169
  Mar 3 '18 at 3:11
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry - ACAO = Access-Control-Allow-Origin. However I just re-read your post, and realized that I missed the bit about you purged the cache multiple times :(
  
  – Brennen Smith
  Mar 3 '18 at 3:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm wondering if cloudfront needs me to setup different origin because I'm using cloudflare? I've also updated post to show that my domain returns ACAO
  
  – user1371169
  Mar 3 '18 at 7:45
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f899736%2fwhy-cloudfront-does-not-return-access-control-allow-origin%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

Try purging your Cloudfront cache before retesting - the entire response is cached, including headers. I'm guessing what happened is:

1. ACAO for CF was turned off


2. curl made to CF - pulled response without ACAO into cache


3. setting was changed to enable ACAO


4. request was made - HIT in CF so the setting change was not reflected.

As a result, if you purge the cache and retry, you will get a new cache object generated with the proper headers.

share|improve this answer

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hey Brennen, what is ACAO and how it can be turned off?
  
  – user1371169
  Mar 3 '18 at 3:11
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry - ACAO = Access-Control-Allow-Origin. However I just re-read your post, and realized that I missed the bit about you purged the cache multiple times :(
  
  – Brennen Smith
  Mar 3 '18 at 3:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm wondering if cloudfront needs me to setup different origin because I'm using cloudflare? I've also updated post to show that my domain returns ACAO
  
  – user1371169
  Mar 3 '18 at 7:45
  

  
  
  
  

add a comment | 

0

Try purging your Cloudfront cache before retesting - the entire response is cached, including headers. I'm guessing what happened is:

1. ACAO for CF was turned off


2. curl made to CF - pulled response without ACAO into cache


3. setting was changed to enable ACAO


4. request was made - HIT in CF so the setting change was not reflected.

As a result, if you purge the cache and retry, you will get a new cache object generated with the proper headers.

share|improve this answer

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Hey Brennen, what is ACAO and how it can be turned off?
  
  – user1371169
  Mar 3 '18 at 3:11
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Sorry - ACAO = Access-Control-Allow-Origin. However I just re-read your post, and realized that I missed the bit about you purged the cache multiple times :(
  
  – Brennen Smith
  Mar 3 '18 at 3:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I'm wondering if cloudfront needs me to setup different origin because I'm using cloudflare? I've also updated post to show that my domain returns ACAO
  
  – user1371169
  Mar 3 '18 at 7:45
  

  
  
  
  

add a comment | 

Try purging your Cloudfront cache before retesting - the entire response is cached, including headers. I'm guessing what happened is:

1. ACAO for CF was turned off


2. curl made to CF - pulled response without ACAO into cache


3. setting was changed to enable ACAO


4. request was made - HIT in CF so the setting change was not reflected.

As a result, if you purge the cache and retry, you will get a new cache object generated with the proper headers.

share|improve this answer

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

share|improve this answer

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311

answered Mar 2 '18 at 21:51

Brennen SmithBrennen Smith

1,280311