2 Answers
0
It might be a good idea to put a CloudFront distribution in front of your ALB.
This has the advantage that it can arrange caching of static files for you.
It also gives you flexibility in adding more origins on specific paths; this could well be a Lambda.
You can create your CSRF token in the Lambda.
Validation of the token is usually only done when HTTP-posting something.
answered a year ago
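The Lambda-issued token the answer above describes, sketched as an added example that is not from the answer or from AWS: the function mints a stateless, HMAC-signed CSRF token on GET and validates it on POST. It assumes the ALB target-group event shape (`httpMethod`, `headers`, `body`), that a session identifier already arrives in a cookie named `session`, and that the signing key comes from an environment variable `CSRF_SECRET`; all three names are assumptions.

```python
# Added example, not the answer's code. Stateless CSRF token for a Lambda behind an ALB.
# Assumed: ALB event format, a "session" cookie carrying the session id, and the
# signing secret in the CSRF_SECRET environment variable (fallback is for local runs only).
import base64
import hashlib
import hmac
import os
import secrets
import time

TOKEN_TTL_SECONDS = 3600


def _secret() -> bytes:
    return os.environ.get("CSRF_SECRET", "dev-only-secret-change-me").encode()


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_csrf_token(session_id: str, now=None) -> str:
    """Token = nonce.expiry.HMAC(secret, session_id|nonce|expiry).
    Binding the MAC to the session id means a token minted for one session
    is not valid for another, and no server-side storage is needed."""
    now = int(time.time()) if now is None else now
    nonce = b64url(secrets.token_bytes(16))
    expiry = str(now + TOKEN_TTL_SECONDS)
    msg = f"{session_id}|{nonce}|{expiry}".encode()
    mac = hmac.new(_secret(), msg, hashlib.sha256).digest()
    return f"{nonce}.{expiry}.{b64url(mac)}"


def validate_csrf_token(token: str, session_id: str, now=None) -> bool:
    """Constant-time check of the MAC, plus expiry; any malformed token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        nonce, expiry, mac_b64 = token.split(".")
        if int(expiry) < now:
            return False
        msg = f"{session_id}|{nonce}|{expiry}".encode()
        expected = hmac.new(_secret(), msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, unb64url(mac_b64))
    except (ValueError, TypeError):
        return False


def _cookie(headers: dict, name: str):
    for part in headers.get("cookie", "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def handler(event: dict, context=None) -> dict:
    """ALB -> Lambda entry point: GET hands out a token, POST requires one."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    session_id = _cookie(headers, "session")
    if not session_id:
        return {"statusCode": 401, "body": "no session"}
    method = event.get("httpMethod", "GET")
    if method == "GET":
        body = '{"csrfToken": "%s"}' % issue_csrf_token(session_id)
        return {"statusCode": 200, "headers": {"content-type": "application/json"}, "body": body}
    if method == "POST":
        # The token must be copied into a custom header by the page's own script;
        # a cross-site HTML form cannot set custom headers, so it fails here.
        token = headers.get("x-csrf-token", "")
        if not validate_csrf_token(token, session_id):
            return {"statusCode": 403, "body": "invalid CSRF token"}
        return {"statusCode": 200, "body": "ok"}
    return {"statusCode": 405, "body": "method not allowed"}
```

The token is checked only on state-changing methods, as the answer notes; a GET that merely renders the page is left alone. Because the MAC covers the session id, the same Lambda can serve every user without a token table.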
0
Hi there, the solution I found consists of getting rid of the CSRF record altogether. In particular, instead of using cookies we opted for using local storage on the client side. The idea is to:
- Remove the CSRF token part
- Update the authentication code to no longer use cookies, replacing them with local storage on the client side (https://stackoverflow.com/questions/35291573/csrf-protection-with-json-web-tokens)
- This requires “small” changes on the application side (back-end and front-end, actually).
- Enable CORS on the S3 bucket
On top of that, by using OIDC or moving the authentication to the ALB, we can totally get rid of the back-end and host the website fully on an S3 bucket. ;)
answered a year ago
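What the back-end check looks like once the session travels in an Authorization header set by page script (read from local storage) rather than in a cookie, as the answer above proposes. This is an added example, not the answer's or the linked Stack Overflow thread's code: it verifies a minimal HS256 JWT, rejects anything whose `alg` is not HS256, and ignores cookies entirely. The login endpoint that would call `issue_jwt`, and the `JWT_SECRET` environment variable, are assumptions.

```python
# Added example, not the answer's code. Bearer-token check for a cookie-free back-end.
# Assumed: HS256 JWTs issued by the application's own login endpoint, signing key in
# the JWT_SECRET environment variable (fallback is for local runs only).
import base64
import hashlib
import hmac
import json
import os
import time


def _secret() -> bytes:
    return os.environ.get("JWT_SECRET", "dev-only-secret-change-me").encode()


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(subject: str, now=None, ttl: int = 3600) -> str:
    """Build header.payload.signature with HS256 over the first two segments."""
    now = int(time.time()) if now is None else now
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode()
    payload = json.dumps({"sub": subject, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode()
    signing_input = f"{b64url(header)}.{b64url(payload)}"
    sig = hmac.new(_secret(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def verify_jwt(token: str, now=None):
    """Return the claims dict, or None for any token that is malformed,
    uses an algorithm other than HS256, has a bad signature, or is expired."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(unb64url(h))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust "none"
            return None
        expected = hmac.new(_secret(), f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64url(s)):
            return None
        claims = json.loads(unb64url(p))
        if not isinstance(claims, dict) or int(claims.get("exp", 0)) < now:
            return None
        return claims
    except ValueError:  # covers base64, JSON and int() failures
        return None


def authenticate(event: dict, now=None) -> dict:
    """Lambda/ALB-style entry point. Only the Authorization header is consulted;
    a request carrying just cookies is anonymous as far as this code is concerned."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return {"statusCode": 401, "body": "missing bearer token"}
    claims = verify_jwt(token.strip(), now=now)
    if claims is None:
        return {"statusCode": 401, "body": "invalid token"}
    return {"statusCode": 200, "body": "hello " + str(claims.get("sub", ""))}
```

The browser never adds an Authorization header on its own, so a cross-site form post or image fetch arrives without a credential and the CSRF token has nothing left to protect; that is the trade the answer is making. The same property cuts the other way: a token readable from local storage is reachable by any script running on the page, so this design leans entirely on keeping the front-end free of injected script, and on a short `exp` so a leaked token ages out quickly.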
Hi there, CloudFront will force me to go via the Internet at least for the authentication. Actually, I would like to keep the entire workflow private.
Ah, didn't understand that requirement yet.
Then I'd go for a very simple thingy in between, maybe even a Lambda with a URL.
Otherwise, a simple EC2 instance or ECS container with some intelligent proxy.