[英]returning response with set-cookie header in AWS Cloudfront origin request
In my CloudFront origin request lambda@edge function I want to return a response which will set a cookie value in the browser and redirects to other page.在我的 CloudFront 原始请求 lambda@edge function 中,我想返回一个响应,该响应将在浏览器中设置一个 cookie 值并重定向到其他页面。 I do it by the following return statement:
我通过以下返回语句来做到这一点:
return {
status: '302',
statusDescription: 'Found',
headers: {
location: [
{ key: 'Location', value: 'my.website.com' },
],
'set-cookie': [
{ key: 'Set-Cookie', value: 'key=value; Max-Age=600' },
]
}
};
Unfortunately CloudFront seems to remove/ignore this set-cookie
header and the browser receives a response without it.不幸的是,CloudFront 似乎删除/忽略了这个
set-cookie
header 并且浏览器收到了没有它的响应。 What's interesting, the exact same code works when placed in the CloudFront viewer-request function.有趣的是,完全相同的代码在放置在 CloudFront 查看器请求 function 中时可以工作。 Is there a way to make origin-request lambda to keep the set-cookie header in the response?
有没有办法制作原始请求 lambda 以在响应中保留 set-cookie header ?
The solution turn out to be a cache policy with Cookies - include specified cookies
option turned on with proper whitelisted cookie name.解决方案是使用
Cookies - include specified cookies
选项打开,并使用正确的白名单 cookie 名称。 The behaviour in the question is caused (as documentation states) by:问题中的行为是由以下原因引起的(如文档所述):
Don't forward cookies to your origin – CloudFront doesn't cache your objects based on cookie sent by the viewer.
不要将 cookies 转发到您的源 - CloudFront 不会根据查看器发送的 cookie 缓存您的对象。 In addition, CloudFront removes cookies before forwarding requests to your origin, and removes Set-Cookie headers from responses before returning responses to your viewers.
此外,CloudFront 在将请求转发到您的源之前删除 cookies,并在将响应返回给您的查看器之前从响应中删除 Set-Cookie 标头。
To prevent caching by whitelisted cookie name add the following header to the response: Cache-Control: no-cache="Set-Cookie"
.要防止通过列入白名单的 cookie 名称进行缓存,请将以下 header 添加到响应中:
Cache-Control: no-cache="Set-Cookie"
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.