Invalid CORS headers for files not from Cloudfront

Hi, CometChat Support team!
There are some strange headers for attached images. It’s a random bug with no steps to reproduce, but it happens pretty often.

Here are two kinds of images if you download them as an attachment for a message.

  1. Missed from CloudFront (and has no CORS headers)
  2. Hit from CloudFront (and has correct CORS)

For case #1, because there is no valid CORS, the user isn’t able to download it via HTTP, because he gets a CORS error (but is able to see it in an HTML IMG element with src="…")
For #2, everything is ok.

Not valid request:

    Request URL: https://data-eu.cometchat.io/182578381ca28fc/media/1603462021_1562380209_0d5b1c4c7f720f698946c7f6ab08f687.jpg
    Referrer Policy: strict-origin-when-cross-origin

Response Headers:

    accept-ranges: bytes
    content-length: 2822428
    content-type: image/jpeg
    date: Wed, 28 Oct 2020 06:36:54 GMT
    etag: "32d6c9b6be21b601e3ee69e627868365"
    last-modified: Fri, 23 Oct 2020 14:07:02 GMT
    server: AmazonS3
    status: 200
    via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
    x-amz-cf-id: 8JnsLMS28Bht3U4oOf2wherK_j4VPXl5l1PPNIBDpOIFxj8roeAgvw==
    x-amz-cf-pop: FRA6-C1
    x-amz-server-side-encryption: AES256
    x-cache: Miss from cloudfront

Valid request:

    Request URL: https://data-eu.cometchat.io/182578381ca28fc/media/1603881399_1407081624_0d5b1c4c7f720f698946c7f6ab08f687.jpg
    Request Method: GET
    Status Code: 200
    Remote Address: 13.224.194.89:443
    Referrer Policy: strict-origin-when-cross-origin

Response Headers:

    accept-ranges: bytes
    access-control-allow-methods: GET
    access-control-allow-origin: *
    access-control-expose-headers: Content-Range, Content-Length, ETag
    age: 2466
    content-length: 2748450
    content-type: image/jpeg
    date: Wed, 28 Oct 2020 11:18:01 GMT
    etag: "c9e78cc5c1a3671c390ab613a3cce625"
    last-modified: Wed, 28 Oct 2020 10:36:40 GMT
    server: AmazonS3
    status: 304
    vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
    via: 1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
    x-amz-cf-id: 4ZifyLttvTKaN7uYJolTEvSBIl0WlqNjD4CiPfptf9XsDdCj4OVQ7g==
    x-amz-cf-pop: FRA2-C1
    x-amz-server-side-encryption: AES256
    x-cache: Hit from cloudfront

In both cases we should have correct CORS headers:

    access-control-allow-methods: GET
    access-control-allow-origin: *

Please help to sort this thing out, thanks in advance!
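
An added example, not part of the original post and not CometChat code: a small JavaScript check that parses response-header dumps like the two above and reports, per CloudFront cache status, whether a script on a given origin could read the response to a credential-less cross-origin GET. The header values are abridged from the two dumps in the post; the function names and the origin `https://app.example` are assumptions made for illustration.

```javascript
// Constructed sample input: header lines abridged from the two dumps in the post.
const MISS = `content-type: image/jpeg
server: AmazonS3
via: 1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront`;

const HIT = `access-control-allow-methods: GET
access-control-allow-origin: *
content-type: image/jpeg
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront`;

// Parse "name: value" lines into a Map keyed by lower-cased header name.
function parseHeaders(dump) {
  const headers = new Map();
  for (const line of dump.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // skip blank or malformed lines
    headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return headers;
}

// Decide whether script running on `origin` may read this response to a
// credential-less cross-origin GET, and collect cache-related findings.
function auditCors(dump, origin) {
  const h = parseHeaders(dump);
  const acao = h.get("access-control-allow-origin");
  const vary = (h.get("vary") || "").toLowerCase().split(",").map((s) => s.trim());
  const cache = (h.get("x-cache") || "unknown").split(" ")[0].toLowerCase();
  const readable = acao === "*" || acao === origin;
  const findings = [];
  if (acao === undefined) findings.push("no access-control-allow-origin header");
  else if (!readable) findings.push(`allow-origin "${acao}" does not match ${origin}`);
  // A cached origin-specific value without Vary: Origin can be served to other origins.
  if (acao !== undefined && acao !== "*" && !vary.includes("origin"))
    findings.push("origin-specific allow-origin without Vary: Origin");
  return { cache, readable, findings };
}

// "https://app.example" is a hypothetical requesting origin.
for (const [name, dump] of [["miss", MISS], ["hit", HIT]]) {
  console.log(name, JSON.stringify(auditCors(dump, "https://app.example")));
}
```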

No support here at all, thanks CometChat Pro Support …