问题
I'm using OAuth2 with my PHP EC2 server.
From my frontend client hosted in S3, I'm making requests to my ElasticBeanstalk EC2 server (both frontend and backend are served through Cloudfront with SSL cert).
These requests are sent with required access token header as Authorization: header ...
It seems Cloudfront strips these headers as I'm getting error:
error_description: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "access token" parameter."
I'm trying to "whitelist" this header through Cloudfront as instructed by this documentation but find it very confusing. Where in Cloudfront can I actually add the Authorization header to accept?
Part of the docs say:
You can configure each cache behavior in a web distribution to do one of the following:
- Forward all headers to your origin
But I've already done this when I set it up:
回答1:
You need to specifically whitelist headers you want, otherwise choosing None (Improves Caching) strips headers needed:
来源:https://stackoverflow.com/questions/52827824/whitelist-authorization-header-in-cloudfront