Configure S3 CORS support. Closes #10.

2016-08-09 16:43:30 -04:00 · 2016-08-09 16:43:30 -04:00 · 5463a1e922
commit 5463a1e922
parent 4776595e79
2 changed files with 50 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -123,6 +123,43 @@ To enable replication, set configuration variable
 set `static-content-update-hook` to a string containing a shell
 command to execute every time the static content is updated.

+#### S3 Content
+
+To set up an S3 bucket---let's call it `s3.example`---for use with
+this site, follow these steps:
+
+ 0. Create the bucket ("`s3.example`")
+ 0. Optionally add a CNAME record to DNS mapping `s3.example` to
+    `s3.example.s3-website-us-east-1.amazonaws.com`. If you do, static
+    resources will be available at `http://s3.example/`; if not, at
+    the longer URL.
+ 0. Enable "Static Website Hosting" for the bucket. Set the index
+    document to `index.html` and the error document to `not-found`.
+
+Then, under "Permissions", click "Add bucket policy", and add
+something like the following.
+
+    {
+      "Id": "RacketPackageWebsiteS3Policy",
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "RacketPackageWebsiteS3PolicyStmt1",
+          "Action": "s3:*",
+          "Effect": "Allow",
+          "Resource": ["arn:aws:s3:::s3.example",
+                       "arn:aws:s3:::s3.example/*"],
+          "Principal": {
+            "AWS": ["<<<ARN OF THE USER TO WHOM ACCESS SHOULD BE GRANTED>>>"]
+          }
+        }
+      ]
+    }
+
+The user will need to be able to read and write objects and set CORS
+policy. (CORS is configured automatically by code in
+`src/static.rkt`.)
+
 ### Supervision

 Startable using djb's [daemontools](http://cr.yp.to/daemontools.html);
--- a/src/static.rkt
+++ b/src/static.rkt
@ -17,6 +17,7 @@
 (require web-server/http/request-structs)
 (require web-server/http/response-structs)
 (require file/md5)
+(require xml)
 (require xml/path)
 (require net/url)
 (require aws/s3)
@ -219,7 +220,19 @@
                   (file->bytes filepath)
                   (extension-map filepath))))

+(define (configure-s3-cors!)
+  (log-info "Configuring S3 CORS headers:\n~a"
+            (put/bytes (string-append aws-s3-bucket+path "?cors")
+                       (string->bytes/utf-8 (xexpr->string
+                                             `(CORSConfiguration
+                                               (CORSRule (AllowedOrigin "*")
+                                                         (AllowedMethod "GET")
+                                                         (AllowedHeader "*")))))
+                       "application/xml"
+                       '())))
+
 (define (static-renderer-aws-s3 index)
+  (when (not index) (configure-s3-cors!))
  (let ((index (or index (initial-aws-s3-index))))
    (match
        (rpc-handler (sync (rpc-request-evt))