<>.cloudfront.net/graphql met with 403


I have an ELB environment, running a simple express/node server on one tiny wee instance (t2.micro) on EC2. It serves up a React Web-app and is the backend to a React-Native mobile-app.

We have pointed a Cloudfront distribution at the environment, and have setup a WAF/Lambda setup to automatically handle blocking of malicious actors.

Whilst we are testing the default security group is so right now the environment url is open to the world.

When I go to the environment url (...elasticbeanstalk.com) it serves up our react web-app and has full functionality, I can log-in fine.

When I go to the cloudfront url (...cloudfront.net) it displays the top-level screens (login or signup) correctly, but the login functionality is not there.

The submit button, which pushes a request to ...cloudfront.net/graphql, is being responded to with a 403 error.

I'm guessing something in my CloudFront setup isn't correct.
-> Does that sound right to you?
-> If so, where would you start with looking?
----> What more would you need to know to be able to diagnose the source of the problem?

Edited by: OliverBrowne on Jan 11, 2019 5:53 AM
edited for clarity

asked 5 years ago204 views
1 Answer

The CloudFront Default is to set distributions with only permission for Get and Head. To change this...

CloudFront Console
--> select your Distribution
----> select Behaviours tab
------> select your behaviour (probably the default)
--------> Edit

Change it from Get,Head (the default, first option) to the third option that includes Put.

answered 5 years ago
profile picture
reviewed 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions