简体   繁体   中英

How to Whitelist Authorization header in cloudfront custom origin request policy

cross post from serverfault

https://serverfault.com/questions/1053906/how-to-whitelist-authorization-header-in-cloudfront-custom-origin-request-policy

The post in question, I am also running into and am seeking an answer for. I have to use the AWS-CDK and cloudformation so using non legacy work around would be ideal

I tried to make a new origin request policy that would pass through all viewer headers and I see it in my request header (authorization) but get cors No 'Access-Control-Allow-Origin' header is present on the requested resource.

Seems like you have 3 ways to forward the Authorization header:

1- Create an origin request policy and select "All viewer headers" under header options.

You cannot forward the Authorization header individually in an origin request policy, but when you forward all viewer headers CloudFront includes the Authorization header in viewer requests

2- Add the Authorization header to the cache key using a cache policy. All headers in the cache key are automatically included in origin requests

3- Use legacy cache settings

Unfortunately there is no other way around it.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM