Amazon S3 and Cross-Origin Resource Sharing (CORS)

Does Amazon S3 allow custom headers? Or am I out of luck?

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-SOMETHING
Access-Control-Max-Age: 1728000开发者_运维知识库

Example

var request = new XMLHttpRequest();
var url = 'http://example.s3.amazonaws.com/templates/welcome.html';

function callOtherDomain(){

    request.open('GET', url, true);
    request.withCredentials = "true";
    request.onreadystatechange = handler;
    request.send();

}

CORS is now officially supported on S3: http://docs.amazonwebservices.com/AmazonS3/latest/dev/cors.html

Currently, there is limited number of standrd http headers supported by s3.

Access-Control-Allow-* headers are not supported at this time: https://forums.aws.amazon.com/thread.jspa?threadID=34281&tstart=0

UPDATE:

Support for Cross-Origin Resource Sharing is added: https://forums.aws.amazon.com/ann.jspa?annID=1620

S3 Browser Freeware also supports this feature: http://s3browser.com/s3-bucket-cors-configuration.php

The list of supported HTTP headers can be found here: http://docs.amazonwebservices.com/AmazonS3/latest/API/index.html?RESTObjectPUT.html

Today Amazon announces the complete support for CORS, so you can now use HTML5 for example for Drag & Drop files directly to Amazon S3.