Origin header missing from cross origin request to S3 on Chrome
Before making the GET
request for the font, Chrome would have sent a preflight OPTIONS
request for the font resource. It is in this preflight request that Chrome would have sent the Origin
header. S3's CORS policy would have returned the required Access-Control-Allow-Origin
header in response to this preflight OPTIONS
request.
Thereafter, Chrome would have made the GET request for the font -- the request that you have shown in the screenshot. Chrome would not send the Origin
header in this GET
request now. And as the screenshot shows, the request was successful (Status Code 200 OK). Also note the Amazon headers (starting with x-amz-
) and Server: AmazonS3
present in the response.
It does seem that your site https://proximate.com would have received the font from Amazon S3. Was that not the case?
For more details please see the links https://spring.io/understanding/CORS and https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html.