By using AWS re:Post, you agree to the Terms of Use

Which headers can be set in a $connect route response?

0

According to this example[1], the "Sec-WebSocket-Protocol" header can be set from a Lambda function set as a proxy integration for the $connect handler of a Websocket API, by returning the following payload:

{
  statusCode: 200,
  headers: {
    "Sec-WebSocket-Protocol" : "myprotocol"
  }
}

My question is, can other headers be set as well? It seems other headers are currently stripped. For example, when I set a 'Set-Cookie' header in the response, the header does not show up in the HTTP response. Is there a way to configure the route response or integration response so that such headers appear?

[1] https://docs.amazonaws.cn/en_us/apigateway/latest/developerguide/websocket-connect-route-subprotocol.html

Edited by: "jedlie" on Jul 12, 2020 6:14 AM

Edited by: "jedlie" on Jul 12, 2020 6:25 AM

2 Answers
0
Accepted Answer

No, WebSocket API doesn't allow to set other header. Most headers other than Upgrade, Connection, Sec-WebSocket-* are not meaningful for the handshake, but I do agree that Set-Cookie would be a valid use case, as mentioned in the specification.

_The server can also set cookie-related option fields to set_cookies, as described in [RFC6265].

answered 2 years ago
0

Thanks for the reply, jwaataws. Would love to see Set-Cookie allowlisted soon for Websocket APIs.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions