CloudFront with Lambda@Edge causes CORS issues
I've configured S3 with access only through CloudFront, protected with a Lambda executed on Viewer request. The problem is that I'm not able to access the files from the SPA because of a failing preflight call.
When I removed the Lambda function, everything started to work. This is surprising to me because the Lambda is not modifying the request at all.
Here is my configuration:
CloudFront:
Lambda@Edge (executed at Viewer request)
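// Assumed import: jwt.verify() as used below matches the jsonwebtoken package.
const jwt = require('jsonwebtoken');

// getSecret(), missingAuthorizationHeaderResponse and invalidTokenResponse
// are defined elsewhere in the poster's code and are not shown in the post.
let secret; // module-level cache, reused across warm invocations

exports.handler = async (event, context, callback) => {
    let request;
    let token;
    try {
        request = event.Records[0].cf.request;
        const headers = request.headers;
        // Throws a TypeError when no Authorization header is present
        const authorization = headers['authorization'][0];
        const authorizationValue = authorization.value;
        token = authorizationValue.substring(7); // strip the "Bearer " prefix
    } catch (error) {
        console.error("Missing authorization header", error);
        callback(null, missingAuthorizationHeaderResponse);
        return; // stop here so the callback is not invoked a second time below
    }
    if (token) {
        try {
            if (!secret) {
                secret = await getSecret();
            }
            jwt.verify(token, secret); // throws if the token is invalid
            console.log("Token valid");
            callback(null, request); // forward the unmodified request
        } catch (error) {
            console.error("Token not valid", error);
            callback(null, invalidTokenResponse);
        }
    } else {
        console.error("Token not found");
        callback(null, missingAuthorizationHeaderResponse);
    }
};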
I will be very grateful for help since I've spent a lot of time on this case, thanks!
Comments (1)
The problem is that preflight calls are executed without any additional headers, and in my case the "authorization" header was missing, which generated a 403. I found that by looking into the logs of the Lambda. I've added handling of the OPTIONS call to the Lambda. Also, I had to change the S3 config to have the response with visible CORS headers.
Lambda Code:
S3: