Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Amazon S3 snippets... Transmit FTP cloud settings... Other related goodies...

S3 Website "Index Document"

index.html:

<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>

S3 Website "Error Document"

4xx.html:

<html>
<head>
<title>Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>

S3 CORS Configuration

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>http://*.foo1.com</AllowedOrigin>
        <AllowedOrigin>http://*.foo2.com</AllowedOrigin>
        <AllowedOrigin>http://11.111.111.111</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>2592000</MaxAgeSeconds>
        <ExposeHeader>Content-Length</ExposeHeader>
        <ExposeHeader>Date</ExposeHeader>
        <ExposeHeader>ETag</ExposeHeader>
        <ExposeHeader>Connection</ExposeHeader>
        <AllowedHeader>Date</AllowedHeader>
        <AllowedHeader>Authorization</AllowedHeader>
        <AllowedHeader>Content-Type</AllowedHeader>
        <AllowedHeader>Content-Length</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Transmit "Custom Amazon S3 Upload Headers"

Default:

  1. Cache-Control: max-age=86400 (1 day)

css:

  1. Content-Type: text/css
  2. Cache-Control: max-age=2592000 (30 days)

otf:

  1. Content-Type: font/opentype
  2. Cache-Control: max-age=31536000 (1 year)

woff:

  1. Content-Type: font/woff
  2. Cache-Control: max-age=31536000

ttf:

  1. Content-Type: font/truetype
  2. Cache-Control: max-age=31536000

svg:

  1. Content-Type: image/svg+xml
  2. Cache-Control: max-age=31536000

eot:

  1. Content-Type: application/vnd.ms-fontobject
  2. Cache-Control: max-age=31536000

html:

  1. Content-Type: text/html
  2. Cache-Control: max-age=86400
@mhulse
Copy link
Author

mhulse commented Sep 7, 2012

I'll be adding more as time goes on...

@mhulse
Copy link
Author

mhulse commented Oct 5, 2012

Note to self: As of Sept. 2012, there appears to be some issues with AllowedOrigin.

I'm not sure if it's related to above issue, but I've noticed that my web fonts randomly fail to load. I suspect that it has something to do with having multiple <AllowedOrigin> nodes.

@mhulse
Copy link
Author

mhulse commented Oct 5, 2012

Some good info here:

@font-face gotchas

@mhulse
Copy link
Author

mhulse commented Oct 8, 2012

Should the woff content-type be application/x-font-woff????

@mhulse
Copy link
Author

mhulse commented Jan 14, 2013

Update: I've posted some related info here:

Setting up Google Cloud Storage with CORS for Web Fonts.md

@mhulse
Copy link
Author

mhulse commented Dec 16, 2013

The HTML5 boilerplate has a good list of mime types:

https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess

See the mod_mime.c section.

@mhulse
Copy link
Author

mhulse commented Dec 21, 2013

Note, I was having issues with Firefox and loading a webfont via S3 on a GitHub-hosted custom domain.

This was the CORS that ended up working for me:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>http://*.mky.io</AllowedOrigin>
        <AllowedOrigin>http://mky.io</AllowedOrigin>
        <AllowedOrigin>http://*.local</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>2592000</MaxAgeSeconds>
        <ExposeHeader>Content-Length</ExposeHeader>
        <ExposeHeader>Date</ExposeHeader>
        <ExposeHeader>ETag</ExposeHeader>
        <ExposeHeader>Connection</ExposeHeader>
        <AllowedHeader>Date</AllowedHeader>
        <AllowedHeader>Authorization</AllowedHeader>
        <AllowedHeader>Content-Type</AllowedHeader>
        <AllowedHeader>Content-Length</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Note that I had to specify both http://*.mky.io AND http://mky.io! For some reason I thought the former would account for both.

Also note that http://*.local is for a locally spoofed development setup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment