improve wordings

reflectoring · Jun 6, 2024 · cfa559c · cfa559c
1 parent 7aa47b2
commit cfa559c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/content/blog/2024/2024-06-05-aws-s3-presigned-urls.md b/content/blog/2024/2024-06-05-aws-s3-presigned-urls.md
@@ -218,7 +218,7 @@ Access to XMLHttpRequest at 'https://..presigned-url' from origin 'http://ourdom
 
 Ah, the infamous CORS error! 😩
 
-We encounter this error because web browsers implement the security mechanism of **Same-Origin Policy** by default, which restricts our client application to interact with a resource from another origin (S3 bucket in this context).
+We encounter this error because web browsers implement the **Same-Origin Policy** mechanism by default, which restricts our client application to interact with a resource from another origin (S3 bucket in this context).
 
 In order to solve this, we'll need to add a CORS configuration to our provisioned S3 bucket:
 
@@ -243,7 +243,7 @@ In order to solve this, we'll need to add a CORS configuration to our provisione
 
 The above configuration allows our client application, hosted at `http://ourdomain.com`, to send HTTP GET and PUT requests to access our provisioned S3 bucket.
 
-In our configuration, we follow the least privilege principle again and grant access only to the necessary origin and methods required by our application. **An overly permissive CORS configuration that uses a wildcard `*` for all properties should be avoided**, as it can introduce security vulnerabilities.
+In our configuration, we follow the least privilege principle similar to our IAM policy and grant access only to the necessary origin and methods required by our application. **An overly permissive CORS configuration that uses a wildcard `*` for all properties should be avoided**, as it can introduce security vulnerabilities.
 
 ## Integration Testing with LocalStack and Testcontainers
 
@@ -449,9 +449,9 @@ When using Presigned URLs in our architecture and exposing them to our client ap
 
 * **Adhere to the Least Privilege Principle**: We've already discussed how this principle can be followed in our IAM policy and CORS configuration in the above sections. **A presigned URL is limited by the permissions of the IAM user who creates it**, overly permissive policies and configurations that grant broad access to muliple or all S3 buckets and actions should be avoided.
 
-* **Authenticate User Before URL Generation**: Before generating a Presigned URL, the requesting user's identity and authority should be validated to prevent unauthorized access. The API responsible for generating Presigned URLs should be secured and preferably rate limited.
+* **Authenticate User Before URL Generation**: Before generating a Presigned URL, the requesting user's identity and authority should be validated by the server to prevent unauthorized access. The API responsible for generating Presigned URLs should be secured and preferably rate limited.
 
-By following these security best practices, we can strengthen our architecture's security when using Presigned URLs for file transfers.
+By following these security best practices, we can strengthen our architecture's security and mitigate risks when using Presigned URLs for file transfers.
 
 ## Conclusion