400 The parameter Headers contains Authorization that is not allowed

0

I receive an error "400 The parameter Headers contains Authorization that is not allowed." when creating an origin request policy through AWS console and CLI with the following parameters:

Headers Whitelist: Authorization
Cookies: All
Query strings: All

I set the Authorization header through a Lambda@Edge function and need CloudFront to forward it to my API Gateway.

Nabware
asked 3 years ago1091 views
1 Answer
0

Problem solved, with just a little reading.

I created a custom cache policy to whitelist the Authorization header as the default policies do not cache any headers. I can then use an origin request policy to decide if I want the Authorization header to be cached or not, per the documentation below:

"All URL query strings, HTTP headers, and cookies that you include in the cache key (using a cache policy) are automatically included in origin requests. Use the origin request policy to specify the information that you want to include in origin requests, but not include in the cache key."

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html

Edited by: Nabware on Oct 30, 2020 1:52 PM
As an aside, I still receive the same error when trying to create an origin request policy to whitelist the Authorization header. My guess would be CloudFront does not cache the Authorization header by default for security purposes.

Nabware
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions