amazon web services - AWS CloudFront - Issues with CORS Policy

Question

I'm having problems streaming my video with Amazon CloudFront. I have setup an S3 bucket, transcoded my video file with MediaConvert and created a CloudFront Distribution.

However, when I try to stream my video with VideoJS I get the following error:

Access to XMLHttpRequest at 'my-cloudfront-URL' from origin 'my-website-URL' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

When I enter my CloudFront URL in a web browser I get the following response:

<Error>
   <Code>AccessDenied</Code>
   <Message>Access Denied</Message>
   ...
</Error>

Here is the code that streams the file:

<!DOCTYPE html>

<html>

    <body>
        <video-js id=vid1 width=600 height=300 class="vjs-default-skin" controls>
            <source
               src="my-CloudFront-distribution"
               type="application/x-mpegURL">
          </video-js>
          <script src="https://cdnjs.cloudflare.com/ajax/libs/video.js/7.0.0/video.min.js"></script>
          <script src="https://cdnjs.cloudflare.com/ajax/libs/videojs-contrib-hls/5.15.0/videojs-contrib-hls.js"></script>
          <script>
          var player = videojs('vid1');
          player.play();
          </script>
    </body>

</html>

How can I overcome this issue?

Update 1:

Here is what my Bucket Policies looks like (I've placed three dots wherever I feel that there is personal data):

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ..."
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::educationvids/*"
        }
    ]
}

My CORS configuration:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE",
            "GET"
        ],
        "AllowedOrigins": [
            "https://www.moodleapi.co.za/"
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ],
        "MaxAgeSeconds": 3000
    }
]

Update 2:

I am now able to to download the file if I enter the CloudFront URL and no longer get the AccessDenied response being returned. However, when I access the file from VideoJS from my web server, I still get the CORS error.

Answer 1

Maybe you need to set up CORS.

Add WS Lambda function, and set Origin Response. e.g.

const path = require('path');

exports.handler = (event, context, callback) => {
  const { response, request } = event.Records[0].cf;

  response.headers['Access-Control-Allow-Origin'] = [{ value: '*' }];
  response.headers['Access-Control-Allow-Headers'] = [{ value: 'Content-Type,Content-Length, Authorization, Accept,X-Requested-With' }];
  response.headers['Access-Control-Allow-Methods'] = [{ value: 'PUT,POST,GET,DELETE,OPTIONS' }];

  return callback(null, response);
};