Cloudfront中的白名单授权标头 [英] whitelist Authorization header in Cloudfront
问题描述
我在PHP EC2服务器上使用OAuth2。
从S3托管的前端客户端,我向我的ElasticBeanstalk EC2服务器发出请求(前端和后端都通过具有SSL证书的Cloudfront进行服务)。
这些请求以必需的访问令牌头作为授权发送:标头...
当我遇到错误时,Cloudfront似乎会删除这些标头:
error_description:请求是缺少必需的参数,
包含无效的参数值,包含超过
的参数一次或格式错误。请检查访问令牌参数。
我试图按照
您需要具体盟友想要的 whitelist 标头,否则选择 None(改进缓存)剥离所需的标头:
I'm using OAuth2 with my PHP EC2 server.
From my frontend client hosted in S3, I'm making requests to my ElasticBeanstalk EC2 server (both frontend and backend are served through Cloudfront with SSL cert).
These requests are sent with required access token header as Authorization: header ...
It seems Cloudfront strips these headers as I'm getting error:
error_description: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "access token" parameter."
I'm trying to "whitelist" this header through Cloudfront as instructed by this documentation but find it very confusing. Where in Cloudfront can I actually add the Authorization header to accept?
Part of the docs say:
You can configure each cache behavior in a web distribution to do one of the following:
- Forward all headers to your origin
But I've already done this when I set it up:
You need to specifically whitelist headers you want, otherwise choosing None (Improves Caching) strips headers needed:
这篇关于Cloudfront中的白名单授权标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
