How to cache CloudFront response sometimes with a specific header and sometimes without taking the headers into account?
I'm using API Gateway with a CloudFront distribution. I've set up a custom Authorizer. The distribution is configured to forward the whitelisted header Authorization.
As an example, I've got 2 URLs:
http://domain.tld/me (the logged in user information)
http://domain.tld/products (the products collection)
The goal is to cache /products but not based on the Authorization header. On the other side, I would like /me to be cached with the Authorization header (because I don't want user B to get cached information from user A). Both URLs are protected with the authorizer.
How can I do that?
If you need to authenticate a request based on the Authorization header before allowing them to see /products yet you don't want the object to be cached based on the Authorization header, then you can't use CloudFront with an API Gateway custom authorizer, because there is no way for CloudFront to pass a header through without caching on it -- such a configuration doesn't make sense, because CloudFront wouldn't know whether the request should be authorized at all.
One workaround is to use a Lambda@Edge Viewer Request trigger instead of a custom authorizer, to allow/disallow access to CloudFront on the /products path based on Authorization. If a Viewer Request trigger returns control to CloudFront (rather than emitting its own internally-generated response) then the cache is checked and the response served from the cache (hit) or fetched from the origin (miss). The header doesn't need to be whitelisted in order to be accessible to a viewer request trigger.
If the backend requires a generic authentication token for a path that doesn't vary based on user, then CloudFront can inject that using Custom Origin Headers.