CloudFront: Forward headers to HTTP GET endpoint
Hello, I'm having problems setting up CloudFront.
I'm using it as a layer in front of my API which currently uses the Authorization header for every request, so I don't want to enable caching. Everything works great for POST endpoints, the header is forwarded and if authentication fails, the JSON response with the error is returned. But for GET endpoints the Authorization header doesn't seem to be forwarded and only a "403 ERROR The request could not be satisfied." error from CloudFront is returned. I'm using the following cache settings:
- Newest
- Most votes
- Most comments
It seems like there might be an issue with how CloudFront is handling the Authorization header for GET requests. By default, CloudFront does not forward certain headers, including the Authorization header, to the origin server for GET requests when caching is enabled.
Here are a few steps you can try to resolve the issue:
Use a CloudFront Lambda@Edge Function: You can also use a Lambda@Edge function to modify the request before it reaches the origin server. This function can add or modify headers, including the Authorization header, for specific request paths or methods. Here's a guide on how to use Lambda@Edge with CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-the-edge.html
Check CORS Configuration: If you're using CORS (Cross-Origin Resource Sharing) on your API, ensure that the CORS configuration allows the Authorization header for GET requests. Misconfigured CORS settings can sometimes cause issues with headers not being forwarded correctly.
Try one or more of these solutions and see if it resolves the issue with the Authorization header not being forwarded for GET requests in CloudFront.
Relevant content
- asked a year ago
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
I confirmed that with the same settings as you have depicted in your picture, I am able to use both POST and GET methods and the Authorization header is making it to the origin. I'm not setup to do anything with the header, but I can confirm it reaches the backend target. Can you provide more details of your setup, such as what kind of origin?