CORS enables micro services on AWS

AWS User Group Singapore (Mar 2016)

Kai Hendry



Headers & OPTIONS

curl \
    --verbose \
    --request OPTIONS \ \
    --header 'Origin:' \
    --header 'Access-Control-Request-Headers: Origin, Accept, Content-Type' \
    --header 'Access-Control-Request-Method: GET'

Fixing S3

diff --git a/nay.txt b/yay.txt
index 3bbcd43..76aba5d 100644
--- a/nay.txt
+++ b/yay.txt
@@ -3,7 +3,7 @@

Access-Control-Allow-Origin: *

For APIs, maybe we want to control access a little?

Use case

We need to listen to our customers! From our statically generated site!

AJAX with CORS enables us to communicate with:

AWS EC2 / SES / Route 53 live demo!

aws ec2 run-instances --image-id ami-94aa68f7 --count 1 --instance-type t1.micro --key-name hendry --security-groups default

Take aways

CORS is like a IP whitelist that enables the INTERNET OF THINGS

It's not really a security feature. It allows browsers to ease same origin policy and
it allows Web services to bless certain domains can use its services FROM THE BROWSER.

Thank you