Cloudfront Distribution Host Header is different than API Gateway Custom Domain CF. #37

bxm156 opened this issue Mar 14, 2020 · 0 comments


bxm156 commented Mar 14, 2020

How you configure the CF distribution + API Gateway + Custom Domains can affect the Host header that gets passed to API Gateway. It took me a couple of days to figure out what was going on, so I wanted to post here in case it helps others.

  1. When using this plugin, a CF distribution can be set up with custom domain names, but the HOST header will always be something like: abcdef123.execute-api.us-west-2.amazonaws.com. This cannot be changed. You cannot just whitelist the HOST header to be forwarded, as it breaks API Gateway.

  2. Whereas if you use Custom Domains in the API Gateway, the header is the domain name example.com, and APIG works with that. The plugin I used to set up that AWS resource is serverless-domain-manager.

Some web applications like Django require that the HOST match for CSRF validation, unless you decide to override certain security settings. I didn't want to do that, so I found that in order for my application to work, I have to set up my CF through the APIG Custom Domains.

Note: In the case of 1) You can whitelist some CF Headers to be forwarded (like Origin), but not Host, as it breaks API Gateway. The best you could do is add some custom behavior with a lambda function that puts the original Host in something like: X-FORWARDED-HOST. Example:
https://github.com/blueimp/aws-lambda/tree/master/cloudfront-forwarded-host
That seemed like ad hoc work I wanted to avoid because I wanted my setup to be mostly automated. Maybe this plugin could set up those settings/resources automatically.
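
The X-Forwarded-Host workaround mentioned in the note above, sketched as an added example (not part of the original issue, this plugin, or the linked repository). It assumes a Lambda@Edge function on the CloudFront viewer-request event and a distribution that forwards X-Forwarded-Host to the origin; `ALLOWED_HOSTS`, `forwardHost` and `sampleRequest` are hypothetical names, and the hostnames are constructed.

```javascript
// Hostnames the distribution is expected to serve (constructed sample values).
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// Copy the viewer's Host into X-Forwarded-Host before CloudFront swaps Host
// for the execute-api origin name. Returns the modified request, or a
// generated 400 response when the Host is not one we serve.
function forwardHost(request, allowedHosts = ALLOWED_HOSTS) {
  const headers = request.headers;

  // Discard any X-Forwarded-Host sent by the client: the application will
  // treat this header as authoritative, so only this function may set it.
  delete headers['x-forwarded-host'];

  const hostEntry = headers.host && headers.host[0];
  const host = hostEntry ? hostEntry.value.toLowerCase() : '';

  if (!allowedHosts.has(host)) {
    return { status: '400', statusDescription: 'Bad Request', body: 'Unknown host' };
  }

  headers['x-forwarded-host'] = [{ key: 'X-Forwarded-Host', value: host }];
  return request;
}

// Lambda@Edge entry point: the request sits at Records[0].cf.request.
const handler = async (event) => forwardHost(event.Records[0].cf.request);

// Constructed viewer-request payload for local testing.
function sampleRequest(host, clientForwardedHost) {
  const headers = { host: [{ key: 'Host', value: host }] };
  if (clientForwardedHost) {
    headers['x-forwarded-host'] = [{ key: 'X-Forwarded-Host', value: clientForwardedHost }];
  }
  return { method: 'GET', uri: '/', headers };
}

if (typeof module !== 'undefined') module.exports = { handler, forwardHost };
```

Django reads this header only when `USE_X_FORWARDED_HOST = True`, which is safe only if the API Gateway endpoint cannot be reached except through the distribution.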
