- Newest
- Most votes
- Most comments
Ref Links:
- https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
- serverless
The remapping of certain HTTP headers, such as "WWW-Authenticate", to "x-amzn-Remapped-*" is designed to prevent certain types of potential security vulnerabilities.
However, the AWS API Gateway is able to return headers without remapping. Therefore, when a service like AWS Lambda is integrated with AWS API Gateway, it's possible to have more control over HTTP headers. AWS API Gateway can add or modify HTTP headers before the client receives them.
In your specific case, since you're invoking the Lambda function directly using its ARN, the function's response will always be subject to Lambda's automatic header remapping. One workaround could be to use AWS API Gateway even though you are currently avoiding it.
Yes, both API gateway and Lambda function url remap "WWW-Authenticate" to "x-amzn-Remapped-www-authenticate" in case of 401. If you are using cloud front then one possible way could be to move your basic authentication to cloudfront lambda@edge.
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
Using API gateway is also okay, as long as I it doesn't remap the header. How to do it? Is it doable without custom lambda authorizer and having a proxy integration?