[ARCHIVED] CORS AWS Issues

t-chapman
Community Member

My team is developing a Unity WebGL application hosted on an AWS static S3 bucket which needs to pull information from the Canvas API. We've added CORS origin headers on the AWS, but it appears the issue is on the Canvas side. When I ran the following command:

curl -v -H "origin:https://ourserver.com" "https://canvas.instructure.com/api/v1/courses "

I received a 401 Unauthorized HTTP status response. However, when I ran the following command:

curl -v -H "origin:https://canvas.instructure.com/api/v1/courses " "https://ourserver.com"

The content from the bucket was returned correctly with a 200 status code. This shows me that the S3 CORS policy is correctly configured when accessing resources in the S3 bucket from the Origin "https://canvas.instructure.com/api/v1/courses ", unless I'm making false assumptions here. In the response of the request made to the domain "https://canvas.instructure.com/api/v1/courses " I can see that there is no "Access-Control-Allow-Origin" header returned.

So in summary, is there a different call I should be making, a different setup required on our AWS bucket, or something else that I haven't thought of which I should doing? I'm sure others have set up web apps on AWS, so how'd they do it if Canvas CORS policies seemingly forbid it? (PS, I'm fairly new to the world of LMS systems, so I may indeed just not be going about this the right way.) Any advice is appreciated!

Labels (2)