How to cache a CloudFront response sometimes with a specific header and sometimes without taking the headers into account?

I'm using API Gateway with a CloudFront distribution. I've set up a custom authorizer. The distribution is configured to forward the whitelisted header Authorization.

As an example, I've got 2 URLs:

  • http://domain.tld/me (the logged-in user's information)
  • http://domain.tld/products (the products collection)

The goal is to cache /products but not based on the Authorization header. On the other hand, I would like /me to be cached with the Authorization header (because I don't want user B to get cached information from user A). Both URLs are protected with the authorizer.

How can I do that?

If you need to authenticate a request based on the Authorization header before allowing them to see /products yet you don't want the object to be cached based on the Authorization header, then you can't use CloudFront with an API Gateway custom authorizer, because there is no way for CloudFront to pass a header through without caching on it -- such a configuration doesn't make sense, because CloudFront wouldn't know whether the request should be authorized at all.

One workaround is to use a Lambda@Edge Viewer Request trigger instead of a custom authorizer, to allow/disallow access to CloudFront on the /products path based on Authorization. If a Viewer Request trigger returns control to CloudFront (rather than emitting its own internally-generated response) then the cache is checked and the response served from the cache (hit) or fetched from the origin (miss). The header doesn't need to be whitelisted in order to be accessible to a viewer request trigger.

If the backend requires a generic authentication token for a path that doesn't vary based on user, then CloudFront can inject that using Custom Origin Headers.
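
The workaround in the answer above, sketched as a Lambda@Edge viewer-request function for the Node.js runtime. This is an added example, not code from the original answer; PROTECTED_PREFIX, DEMO_TOKENS, demoVerify, deny and authorizeViewerRequest are hypothetical names, and the token check is a placeholder for whatever validation the custom authorizer performed.

```javascript
// Path whose cache behavior does NOT forward Authorization (assumption: /products).
const PROTECTED_PREFIX = '/products';

// Constructed sample tokens. Placeholder only: replace demoVerify with the
// real check (e.g. signature and expiry validation of the bearer token).
const DEMO_TOKENS = new Set(['Bearer demo-token-user-a', 'Bearer demo-token-user-b']);
function demoVerify(headerValue) {
  return DEMO_TOKENS.has(headerValue);
}

// Response generated at the edge; CloudFront returns it without a cache lookup.
function deny() {
  return {
    status: '401',
    statusDescription: 'Unauthorized',
    headers: {
      'www-authenticate': [{ key: 'WWW-Authenticate', value: 'Bearer' }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body: 'Unauthorized',
  };
}

// Returns the request (CloudFront proceeds to the cache: hit or origin fetch)
// or a generated 401 response. Paths outside the prefix, such as /me, pass
// through and stay subject to their own behavior and the origin's authorizer.
function authorizeViewerRequest(request, verify = demoVerify) {
  const path = request.uri;
  const inScope = path === PROTECTED_PREFIX || path.startsWith(PROTECTED_PREFIX + '/');
  if (!inScope) return request;

  // CloudFront lowercases header names; each name maps to an array of {key, value}.
  const values = request.headers.authorization || [];
  if (values.length !== 1) return deny(); // missing or duplicated header
  if (!verify(values[0].value)) return deny();

  // Authorization is not part of the cache key here, so every caller that
  // passes this check receives the same cached /products object.
  return request;
}

const handler = async (event) => authorizeViewerRequest(event.Records[0].cf.request);
if (typeof module !== 'undefined') module.exports = { handler };
```

Because the check runs before the cache lookup, it is evaluated on every request, including cache hits, so only responses that are identical for all authorized users belong under this path.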
