I'm using API Gateway with a CloudFront distribution. I've set up a custom authorizer. The distribution is configured to forward the whitelisted header Authorization.
As an example, I've got 2 URLs:
http://domain.tld/me (the logged-in user information)
http://domain.tld/products (the products collection)
The goal is to cache /products but not based on the Authorization header. On the other side, I would like /me to be cached with the Authorization header (because I don't want user B to get cached information from user A). Both URLs are protected with the authorizer.
How can I do that?
If you need to authenticate a request based on the Authorization header before allowing them to see /products yet you don't want the object to be cached based on the Authorization header, then you can't use CloudFront with an API Gateway custom authorizer, because there is no way for CloudFront to pass a header through without caching on it -- such a configuration doesn't make sense, because CloudFront wouldn't know whether the request should be authorized at all.
One workaround is to use a Lambda@Edge Viewer Request trigger instead of a custom authorizer, to allow/disallow access to CloudFront on the /products path based on Authorization. If a Viewer Request trigger returns control to CloudFront (rather than emitting its own internally-generated response) then the cache is checked and the response served from the cache (hit) or fetched from the origin (miss). The header doesn't need to be whitelisted in order to be accessible to a viewer request trigger.
If the backend requires a generic authentication token for a path that doesn't vary based on user, then CloudFront can inject that using Custom Origin Headers.
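The Viewer Request workaround described in the answer above, sketched as an added example that is not part of the original answer: the trigger checks Authorization at the edge and either returns the request (cache lookup proceeds) or emits its own 401. The token format, `SIGNING_KEY`, and the helper names `sign`, `isValidToken`, `deny` and `authorize` are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Assumed token format (not from the page): "<base64 JSON claims>.<hex HMAC-SHA256>".
// Constructed demo key; real key material has to be bundled or fetched, since
// Lambda@Edge functions cannot use environment variables.
const SIGNING_KEY = 'constructed-demo-key';

function sign(payloadB64) {
  return crypto.createHmac('sha256', SIGNING_KEY).update(payloadB64).digest('hex');
}

// True only for a well-formed, correctly signed, unexpired token.
function isValidToken(token, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 2) return false;
  const expected = Buffer.from(sign(parts[0]));
  const given = Buffer.from(parts[1]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  try {
    const claims = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    return typeof claims.exp === 'number' && claims.exp > nowSeconds;
  } catch (e) {
    return false; // payload was not valid JSON
  }
}

// Response generated at the edge; no-store keeps the 401 out of downstream caches.
function deny() {
  return {
    status: '401',
    statusDescription: 'Unauthorized',
    headers: {
      'www-authenticate': [{ key: 'WWW-Authenticate', value: 'Bearer' }],
      'cache-control': [{ key: 'Cache-Control', value: 'no-store' }],
    },
    body: 'Unauthorized',
  };
}

// Returns the unchanged request (CloudFront continues: hit or miss) or a 401.
function authorize(request, nowSeconds) {
  const header = (request.headers['authorization'] || [])[0];
  const match = header && /^Bearer (.+)$/.exec(header.value);
  return match && isValidToken(match[1], nowSeconds) ? request : deny();
}

// Viewer Request entry point, attached to the /products cache behavior.
async function handler(event) {
  return authorize(event.Records[0].cf.request, Math.floor(Date.now() / 1000));
}
exports.handler = handler;
```

Attach the function to the /products cache behavior only, with Authorization left out of that behavior's whitelist so it is not part of the cache key; /me keeps the custom authorizer with Authorization whitelisted.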