cloudfront: Failed to forward Authorization header from cloudfront to API Gateway
See original GitHub issueI am using distribution HTTP API with cloudfront. And I want to pass Authorization
header from cloudfront to HTTP API lambda authorizer. And I am not able to whitelist any header from cloudfront.
Reproduction Steps
In brand new CDK Projest just create the following policy
new OriginRequestPolicy(this, 'testOriginPolicy', {
cookieBehavior: OriginRequestCookieBehavior.all(),
headerBehavior: OriginRequestHeaderBehavior.allowList('Authorization'),
queryStringBehavior: OriginRequestQueryStringBehavior.all()
})
What did you expect to happen?
I expcted to successfully deploy the origin policy. I haven’t even attached to cloudfront distribution yet.
What actually happened?
The deploy fails with following error
Invalid request provided: AWS::CloudFront::OriginRequestPolicy
The following resource(s) failed to create: [testOriginPolicyBBC7F32C].
Environment
- CDK CLI Version : 1.91.0
- Framework Version:
- Node.js Version: v14.16.0
- OS : Ubuntu 20.04 on WSL2
- Language (Version): Typescript ~3.9.7
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Comments:8 (4 by maintainers)
Top Results From Across the Web
Configure CloudFront to forward the Authorization header to ...
Configure your distribution to forward the Authorization header to the origin in one of these ways: Create a cache policy.
Read more >Amazon CloudFront & HTTP Request Headers ( ... - Medium
CloudFront forwards the Authorization header field to your origin if you do not configure CloudFront to cache responses to OPTIONS requests.
Read more >How to whitelist Authorization header in CloudFront ...
It is possible to use the Origin Request Policy to forward all headers (use the Managed-AllViewer) which includes Authorization.
Read more >CloudFront + API Gateway AWS_IAM Authorization
I am trying to put a CloudFront distribution in front of it, I have configured origin and cache behavior; the Authorization header is...
Read more >Missing Authentication Token Error with CloudFront & API ...
In the CloudFront Cache Behavior that routes to API Gateway, did you whitelist the Authorization header for forwarding? CloudFront removes ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
This is actually reasonably straightforward. Simply create a new CachePolicy with 0s for all TTLs, and add the header policy. Then use this new cache policy with your distribution.
Quick addition to @njlynch 's response. I had to set at least 1 of the TTL’s to something in order to create the cache policy, so I set max TTL to 1 second: