Cloudfront CORS只适用于子域名

使用Cloudfront + S3与CORS进行非常奇怪的行为

当我跑步

curl -I -s -X GET -H "Origin: https://myapp.com" https://s3.amazonaws.com/myapp/assets/fontawesome-webfont.woff | grep Access 

 curl -I -s -X GET -H "Origin: https://**www.**myapp.com" https://s3.amazonaws.com/myapp/assets/fontawesome-webfont.woff | grep Access 

都按预期返回值:

访问控制允许来源: https : //musicjungle.com.br

Access-Control-Allow-Methods:GET访问控制 – 公开 – 标题:ETag

Access-Control-Max-Age:3000 Access-Control-Allow-Credentials:true

Vary:Origin,Access-Control-Request-Headers,

访问控制请求法

但是,当我尝试使用Cloudfront URL运行相同的curl时,只需www子域就可以工作

 curl -I -s -X GET -H "Origin: https://www.myapp.com" https://d1bfllp5zjnl7u.cloudfront.net/assets/fontawesome-webfont.woff | grep Access 

Access-Control-Allow-Origin: https : //www.musicjungle.com.br

访问控制 – 允许 – 方法:GET,PUT,POST,DELETE,HEAD

Access-Control-Max-Age:3000 Access-Control-Allow-Credentials:true

下面的命令不会按预期返回标题

 curl -I -s -X GET -H "Origin: https://myapp.com" https://d1bfllp5zjnl7u.cloudfront.net/assets/fontawesome-webfont.woff | grep Access 

任何意识为什么这可能会发生? 我已经在S3 CORSconfiguration上允许两台服务器的Origin(如我们上面所见),但是它似乎是Cloudfrontconfiguration上的一些东西,只允许“www.myapp.com”。