Try leveraging the CloudFront Origin Request Policies https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html to control what CloudFront is sending to the origin.
One needs to allow list many common headers like XFP, which is outlined in the guide for custom origin headers handling. Often I advise customers to leverage the managed policy "All viewer headers" in the context of custom origins, as this managed policy sends all the headers we got from the edge to the origin, including host. Note that the Origin Request Policies do not affect the cache key, as caching is defined in the Cache Policy.
For reference, I ended up setting a reverse proxy that adds the X-Forwarded-Proto.
See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs
One peculiar thing about CloudFront is that by default it minimizes what is forwarded to the origin. As the docs say: "Other information from the viewer request, such as URL query strings, HTTP headers, and cookies, is not included in the origin request by default." Thus, as AWS-amo noticed, use an Origin Request Policy that fits your use case.
Many thanks for your reply @AWS-amo! I'm already using the AllViewer managed policy, but what is needed in this case is for CF to add the header (it's not sent as part of the client request). Does it make sense?
Yes @redouane your inquiry makes sense - I was just experimenting with XFP and it seems to be a sensitive header (for what rationale escapes me atm). Is there any way you could perhaps leverage CloudFront-Forwarded-Proto – Contains the protocol of the viewer's request (HTTP or HTTPS). Still this header would need to be allowed in the Origin Request Policy.
Thanks @AWS-amo - it's possible to use CloudFront-Forwarded-Proto on the origin with some modification to the open source code. Also another option is to set a reverse proxy that will only take care of adding the custom headers, but maybe that's overkill.
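The origin-side option discussed in this thread, as an added example that is not code from any of the posters or from the application in question: a WSGI middleware that derives X-Forwarded-Proto from CloudFront-Forwarded-Proto. The names `CloudFrontProtoMiddleware`, `demo_app` and `simulate` are hypothetical; it assumes the Origin Request Policy forwards CloudFront-Forwarded-Proto and that the origin only accepts traffic from CloudFront.

```python
from wsgiref.util import setup_testing_defaults

ALLOWED_SCHEMES = {"http", "https"}


class CloudFrontProtoMiddleware:
    """Set X-Forwarded-Proto from CloudFront-Forwarded-Proto (hypothetical helper)."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Drop any X-Forwarded-Proto that arrived with the request, so the
        # application only ever sees the value derived below.
        environ.pop("HTTP_X_FORWARDED_PROTO", None)
        scheme = environ.get("HTTP_CLOUDFRONT_FORWARDED_PROTO", "").strip().lower()
        # Accept only the two values the header is documented to carry.
        if scheme in ALLOWED_SCHEMES:
            environ["HTTP_X_FORWARDED_PROTO"] = scheme
            environ["wsgi.url_scheme"] = scheme
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed sample app: reports the scheme and header it observes."""
    seen = environ.get("HTTP_X_FORWARDED_PROTO", "-")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"{environ['wsgi.url_scheme']}|{seen}".encode()]


def simulate(headers):
    """Run one constructed request through the middleware, offline."""
    environ = {}
    setup_testing_defaults(environ)  # wsgi.url_scheme defaults to "http"
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    chunks = CloudFrontProtoMiddleware(demo_app)(environ, lambda s, h: None)
    return b"".join(chunks).decode()


if __name__ == "__main__":
    print(simulate({"CloudFront-Forwarded-Proto": "https"}))
    print(simulate({"X-Forwarded-Proto": "https"}))
```
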