Amazon Web Services Adds Long Requested Web Browser Specification

Amazon Web Services (AWS) added support today for a browser specification that defines ways for  apps to allow resources to be accessed by web pages from different domains. The practice is called Cross Origin Resource Sharing (CORS) and has been requested by AWS users for the past few years.

The new service represents another way that AWS automates tasks that developers once had to do themselves. We see this over and again fron AWS. They  abstract arduous tasks so developers can focus on building apps.

Jeff Barr writes on the AWS blog that developers can use the CORS specification  to build web applications that use JavaScript and HTML5 to interact directly with resources in Amazon S3 without the need for a proxy server.

Cross-scripting attacks have historically been used  to inject client-side script into Web pages viewed by other users. According to Wikipedia, “CORS makes it possible  to determine whether or not to allow the cross-origin request.  It is a compromise that allows greater flexibility, but is more secure than simply allowing all such requests.”

According to Brr:

You can implement HTML5 drag and drop uploads to Amazon S3, show upload progress, or update content directly from your web applications. External web pages, style sheets, and HTML5 applications hosted in different domains can now reference assets such as web fonts and images stored in an S3 bucket, enabling you to share these assets across multiple web sites.

The thread on Hacker News about the news shows how much credibility AWS has with its developer community:

Finally, I won’t have to proxy s3 requests through my own nginxes.

I’ve pled for this feature in the AWS forum, over their commercial support (which I bought just to bug them about this), and to werner vogels directly.

More information about CORS on AWS is available here.