Missing Authentication Token Error with CloudFront & API Gateway

我们两清 提交于 2020-08-24 08:17:49

问题


I have setup a CloudFront Distribution with an API Gateway as one of the origins and this API Gateway is configured with an AWS IAM authorizer.

When CloudFront url is invoked with Authorization headers, it returns a 403 error.

{
    "message": "Missing Authentication Token"
} 

However, when the API Gateway url is invoked instead of CloudFront url with the same Authorization headers, it worked.

I've also tried invoking the endpoint without any authorizer via CloudFront url and it worked. Any idea on how to solve this issue.


回答1:


When provisioning a CloudFront distribution, remember that CloudFront removes most headers from the request by default.

This is done to optimize the cache hit ratio while preventing your origin server from making decisions based on those headers that would not be appropriate for different requests based on other variations (or absence) of those headers, which CloudFront would then serve from cache, inappropriately.

You'll need to whitelist the Authorization header for forwarding to the origin.

Note also that when provisioning API Gateway behind a CloudFront distribution that you control, you'll probably want to deploy your API endpoint as regional and not edge-optimized.



来源:https://stackoverflow.com/questions/47366993/missing-authentication-token-error-with-cloudfront-api-gateway

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!