Company D is running their corporate website on Amazon S3 accessed from http//www.companyd.com. Their marketing team has published new web fonts to a separate S3 bucket accessed by the S3 endpoint https://s3-us-west-l .amazonaws.com/cdfonts. While testing the new web fonts, Company D recognized the web fonts are being blocked by the browser
What should Company D do to prevent the web fonts from being blocked by the browser?
A. Enable versioning on the cdfonts bucket for each web font
B. Create a policy on the cdfonts bucket to enable access to everyone
C. Add the Content-MD5 header to the request for webfonts in the cdfonts bucket from the website
D. Configure the cdfonts bucket to allow cross-origin requests by creating a CORS configuration
All browsers implement the Same-Origin policy, for security reasons, where the web page from a domain can only request resources from the same domain.
CORS allows client web applications loaded in one domain access to the restricted resources to be requested from another domain
With CORS support in S3 allows cross-origin access to S3 resources
CORS configuration rules identify the origins allowed to access the bucket, the operations (HTTP methods) that would be supported for each origin, and other operation-specific information
D