When accessing my application hosted on the subdomain ui.dailytechpoint.com, and making requests to the API server on api.dailytechpoint.com, the REST API successfully generates the required cookies for CloudFront. These cookies include :
CloudFront-Policy,
CloudFront-Signature, and
CloudFront-Key-Pair-Id,
each with the correct values. However, the browser on ui.dailytechpoint.com refuses to store these cookies when the REST API is triggered. How can I resolve this issue?
In my case, the value of AllowedOrigin was * . To resolve it, I set the CORS permissions from the S3 bucket. However, instead of using the default settings, I changed them to the following, and it works.
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>https://ui.dailytechpoint.com</AllowedOrigin>
<AllowedOrigin>https://api.dailytechpoint.com</AllowedOrigin>
<AllowedOrigin>https://*.dailytechpoint.com</AllowedOrigin>
<AllowedOrigin>https://dailytechpoint.com</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
</CORSRule>
</CORSConfiguration>