I want to configure my-bucket on AWS S3 that can be reachable with only one domain. Let's call it http://example.com. So I have generated a CORS Policy and also Bucket Policy for this reason. But somehow it works for all other domain if I specifies Origin parameter while sending request via Postman
So, I have been trying to send a get request under the on of the file. The url is: "https://my-bucket.s3.us-east-1.amazonaws.com/index.html"
Please take a look screenshot postman
So what i want is, if origin is not checked the response should be AccessDenied. If Origin parameter is checked it should be work for AllowedMethods and we can reach the files.
My CORS policy:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD",
"POST",
"PUT",
"DELETE"
],
"AllowedOrigins": [
"http://example.com"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]
and my Bucket Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAccessFromSingleDomain",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
I have tried different type of policies for AWS S3 Configurations. But I can not handle it so far, because if I specify the origin parameter or not it still give response in postman. But I want if origin is not specified it should response "AccessDenied"
