Testing Amazon S3 CORS headers

Resources served from AWS S3 can have CORS headers set, useful for JSON data intended for inclusion. But testing it from the command line is not simple.

Plain old “curl” doesn’t work because it doesn’t show headers. “curl –verbose” works, but even if CORS is configured on S3 you won’t get CORS headers. You have to set an Origin: header in the HTTP request to induce Amazon to set a CORS header in the response.

curl -H 'Origin: http://example.com' --verbose http://s3.amazonaws.com/data.openaddresses.io/machine-stats.json > /dev/null

Also doesn’t work: “curl -I”. That’s supposed to be curl’s “print headers” option but it also switches to doing a HEAD, not a GET, and S3 doesn’t set the CORS headers for HEAD requests.


2 thoughts on “Testing Amazon S3 CORS headers

  1. Try “curl -IXGET -H 'Origin: http://example.com' http://s3.amazonaws.com/data.openaddresses.io/machine-stats.json” instead of using --verbose and then sending the response to /dev/null… and then getting unclean output on the error stream. Much nicer for further scripting especially.

Comments are closed.