aws-solutions/real-time-web-analytics-with-kinesis

Solution unusable in modern browsers because of missing Access-Control-Allow-Headers


pajel commented

I've successfully deployed this solution to an AWS account. Tests with the provided Python script or simple curl work fine, and the dashboard shows data coming in.

However, if you add the JavaScript beacon code below (taken from the AWS documentation) to your site, all modern browsers will refuse to send the metrics because of CORS issues.

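```javascript
var http = new XMLHttpRequest(); // request object, not created in the snippet as posted
var url = beacon_url; // from the Outputs section of the CloudFormation stack
http.open("POST", url);
// Custom request headers make the browser send a CORS preflight (OPTIONS) first
http.setRequestHeader("event", "click");
http.setRequestHeader("page", "productpage.html");
http.setRequestHeader("clientid", "user123");
http.send();
```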

Error in Firefox: Access to XMLHttpRequest at 'http://<beacon_url>/' from origin 'https://<my_site>' has been blocked by CORS policy: Request header field page is not allowed by Access-Control-Allow-Headers in preflight response.

Proposed fix: the solution's web servers need to respond to JavaScript's preflight requests with a correct Access-Control-Allow-Headers header, which needs to enumerate all allowed headers.
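One way to implement the proposed fix, as an added example that is not part of the original issue or the solution's own code: a Node.js-style request handler that answers the preflight with an enumerated `Access-Control-Allow-Headers` and an origin allowlist. The origin `https://www.example.com` and all function names are assumptions; the three header names are the ones the beacon snippet sets.

```javascript
// Assumption: placeholder origin; list the site(s) that embed the beacon.
const ALLOWED_ORIGINS = new Set(["https://www.example.com"]);
// The custom request headers set by the beacon snippet in this issue.
const ALLOWED_HEADERS = ["event", "page", "clientid"];

// CORS response headers for an allowed origin, or null for any other origin.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  return {
    "Access-Control-Allow-Origin": origin, // echo only allowlisted origins
    "Access-Control-Allow-Methods": "POST",
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    "Access-Control-Max-Age": "600", // let the browser cache the preflight
    "Vary": "Origin", // caches must not reuse the answer across origins
  };
}

// Mirrors the browser-side check: requested headers absent from the allow list.
function blockedHeaders(requested, allowHeaderValue) {
  const norm = (s) =>
    (s || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const allowed = new Set(norm(allowHeaderValue));
  return norm(requested).filter((h) => !allowed.has(h));
}

// Handler with the (req, res) shape used by Node's http.createServer.
function handleBeacon(req, res) {
  const cors = corsHeaders(req.headers.origin);
  if (req.method === "OPTIONS") {
    // Preflight: 204 with the enumerated headers, 403 for unknown origins.
    res.writeHead(cors ? 204 : 403, cors || {});
    return res.end();
  }
  if (req.method === "POST") {
    // The actual beacon response needs Access-Control-Allow-Origin as well.
    // Forwarding event/page/clientid to the pipeline is out of scope here.
    res.writeHead(200, cors || {});
    return res.end();
  }
  res.writeHead(405, { Allow: "POST, OPTIONS" });
  res.end();
}

// To serve it: require("http").createServer(handleBeacon).listen(8080);
```

Enumerating the three headers, rather than reflecting whatever `Access-Control-Request-Headers` asks for, keeps the set of accepted cross-origin headers explicit and reviewable.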

We have added your request to our solution backlog items and it will be fixed in future solution releases. We thank you for your contribution.