If you encounter issues where documents stored in AmazonS3 share object storage cannot be edited using a text editor, you can use a workaround to correct this.
Workaround:
- Change the Header set in the Content-Security-Policy
- Use the Amazon S3 console to add a cross-origin resource sharing (CORS) configuration to an S3 bucket.
Change the Content-Security-Policy
Content Security Policy (CSP) is an HTTP header that allows site operators control over where resources can be loaded from on their site.
- The use of this header is the best method to prevent cross-site scripting (XSS) vulnerabilities.
To change the Header set in CSP:
- Open a command-line prompt.
Type in the following code (or copy and paste):
Content-Security-Policy: "default-src 'self' *.live.com *.amazonaws.com; style-src 'unsafe-inline' 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' data:;img-src 'self' data
Add a CORS Policy
To configure your bucket to allow cross-origin requests, you add CORS configuration to the bucket. A CORS configuration is an XML document that defines rules that identify the origins that you will allow to access your bucket, the operations (HTTP methods) supported for each origin, and other operation-specific information.
For more information about CORS, see Cross-Origin Resource Sharing (CORS) in the Amazon Simple Storage Service Developer Guide.
To allow the use of a text editor:
The CORS configuration is an XML file. The text that you type in the editor must be valid XML.
- Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
- In the Bucket name list, choose the name of the bucket that you want to create a bucket policy for.
- Choose Permissions, and then choose CORS configuration.
In the CORS configuration editor text box, type or copy and paste the following CORS configuration:
<CORSConfiguration>
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
<MaxAgeSeconds>3000</MaxAgeSeconds>
</CORSRule>
</CORSConfiguration>
Click Save.