AWS API Gateway - lambda integration missing authorization header
My API includes various GET, POST and DELETE endpoints set up in AWS API Gateway. Each endpoint is integrated with Lambda and calls its own Lambda python function.
I have set up authorization manually (not through AWS authorizers): I call the endpoints with a bearer token in the "Authorization" header, and the Lambda functions access event["headers"]["Authorization"] to obtain the token. This works fine for POST and DELETE endpoints. However, when calling GET endpoints, the "Authorization" header is missing from the event["headers"] object (only other headers added by AWS are present).
I have tried calling the GET endpoints through various methods. Also worth mentioning that this is not a case sensitivity issue - the token I provide is not found anywhere in the events object.
All my endpoints are configured like this in API Gateway:
Does API Gateway or Lambda remove the "Authorization" automatically for GET calls?
As you've mentioned that you use CloudFront in front of your API gateway, I believe I know what the problem is.
By default, CloudFront strips away params and headers from the request before forwarding it to origin. You need to modify your cache behaviour to forward the Authorization header to origin.
Go to your CloudFront distribution, and edit the behaviour for that distribution. Then, scroll down to 'Cache key and origin requests'.
You need to create a new cache policy that forwards the Authorization header, like so:
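The cache policy described in the answer above, written out as an added example (not part of the original answer or its screenshot): the Python below builds a CloudFront CachePolicyConfig that whitelists the Authorization header, and checks whether a given policy forwards it. The policy name and TTL values are assumptions, and STRIPPING_POLICY is a constructed sample.

```python
"""Added example: CloudFront cache policy that forwards Authorization."""
import json


def build_cache_policy_config(name, max_ttl=1):
    """Return a CachePolicyConfig that whitelists the Authorization header.

    Headers listed in a cache policy are forwarded to the origin AND become
    part of the cache key, so a cached GET response is only reused for
    requests that carry the same token.
    """
    return {
        "Name": name,
        "Comment": "Forward Authorization to the API Gateway origin",
        # TTLs are assumed values. MaxTTL stays non-zero because a policy
        # with every TTL at 0 (caching disabled) cannot list headers.
        "MinTTL": 0,
        "DefaultTTL": 0,
        "MaxTTL": max_ttl,
        "ParametersInCacheKeyAndForwardedToOrigin": {
            "EnableAcceptEncodingGzip": True,
            "EnableAcceptEncodingBrotli": True,
            "HeadersConfig": {
                "HeaderBehavior": "whitelist",
                "Headers": {"Quantity": 1, "Items": ["Authorization"]},
            },
            # Cookies and query strings are left out here; adjust these if
            # the GET endpoints depend on them.
            "CookiesConfig": {"CookieBehavior": "none"},
            "QueryStringsConfig": {"QueryStringBehavior": "none"},
        },
    }


def forwards_authorization(config):
    """True if the policy's header whitelist contains Authorization."""
    headers = config["ParametersInCacheKeyAndForwardedToOrigin"]["HeadersConfig"]
    if headers.get("HeaderBehavior") != "whitelist":
        return False
    items = headers.get("Headers", {}).get("Items", [])
    return any(h.lower() == "authorization" for h in items)


# Constructed sample: a policy with no headers, as in the failing GET case.
STRIPPING_POLICY = {"ParametersInCacheKeyAndForwardedToOrigin": {
    "HeadersConfig": {"HeaderBehavior": "none"}}}

if __name__ == "__main__":
    config = build_cache_policy_config("forward-authorization")  # assumed name
    print(json.dumps(config, indent=2))
    # With boto3 and AWS credentials available:
    #   boto3.client("cloudfront").create_cache_policy(CachePolicyConfig=config)
```

After creating the policy, attach it to the behaviour that routes to the API Gateway origin; forwards_authorization() can also be run over the CachePolicyConfig of an existing policy to check it.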