@0xc/forward-cloudfront-proto Chinese documentation and tutorial
forward-cloudfront-proto
When serving an Express server behind CloudFront, you might run into a case where your authentication cookies don't work and you want to blow your brains out because you have validated that everything is up to spec, and you've pored through MDN documentation, and you validated that you are setting cookies to secure for your new SameSite configuration but for the love of god it just won't work!
That sounds like me so far, what now?
Well if you managed to find this package, you may be going through something that our team already encountered. If you happen to have an architecture diagram that is a superset of the following:
+-----+ +----------------+ +-------------+ +----------------+
| WWW | --> | Cloudfront CDN | --> | API Gateway | --> | Express Server |
+-----+ +----------------+ +-------------+ +----------------+
you just might want to use this. Or write it yourself. It's a very simple package. At the very least, I may propagate some SEO hit on Google that will give you a solution to end your suffering.
So what is this actually good for?
Cloudfront doesn't forward the original protocol using the standard X-Forwarded-Proto header. In fact, their forwarded protocol header needs to be enabled, and it's also a custom header called CloudFront-Forwarded-Proto. So, make sure you update your Cloudfront configuration to forward this as well. You will need to include it in the whitelist for the request policy.
Enough talking, what do I do?
This is designed as a simple Express middleware you can include in your application. If your app is sitting behind Cloudfront and you have some Express server initialized as app already, include the following:
import { forwardCloudfrontProto } from "@0xc/forward-cloudfront-proto";
// ...
app.use(forwardCloudfrontProto);
And you're done! Express will now handle requests as it would have expected, identifying HTTPS requests as secure, allowing use of SameSite in Chrome, and more.
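For readers who would rather write it themselves, here is one way such a middleware could look. This is an added example, not the package's source: the name copyCloudfrontProto, the resolveProtocol model and the simulate helper are hypothetical, and it assumes the fix works by copying CloudFront-Forwarded-Proto into X-Forwarded-Proto, which Express consults only when "trust proxy" is enabled.

```javascript
// Added example, not the package's own code. Names are hypothetical.
const ALLOWED_PROTOS = new Set(["http", "https"]);

// Express-style middleware: (req, res, next).
function copyCloudfrontProto(req, res, next) {
  // Node lower-cases incoming header names.
  const raw = req.headers["cloudfront-forwarded-proto"];
  const first = Array.isArray(raw) ? raw[0] : raw;
  const value = String(first || "").trim().toLowerCase();
  // Accept only the two expected values; ignore anything else.
  // The header is meaningful only when the origin accepts traffic solely
  // from CloudFront; otherwise any client can send it.
  if (ALLOWED_PROTOS.has(value)) {
    // Overwrite rather than append, so an X-Forwarded-Proto already on the
    // request cannot win over the value taken from CloudFront's header.
    req.headers["x-forwarded-proto"] = value;
  }
  next();
}

// Simplified model (constructed for this example) of how Express derives
// req.protocol: the forwarded header counts only when the proxy is trusted.
function resolveProtocol(req, trustProxy) {
  const direct = req.socketEncrypted ? "https" : "http";
  if (!trustProxy) return direct;
  const header = req.headers["x-forwarded-proto"] || direct;
  return header.split(",")[0].trim();
}

// Runs a constructed request through the middleware and the model above.
// The origin hop is plain HTTP here, as it would be behind a TLS-terminating CDN.
function simulate(headers, trustProxy) {
  const req = { headers: { ...headers }, socketEncrypted: false };
  copyCloudfrontProto(req, {}, () => {});
  return resolveProtocol(req, trustProxy);
}
```

In a real app this would be registered with app.use(copyCloudfrontProto) together with an app.set("trust proxy", ...) setting; without the latter Express ignores X-Forwarded-Proto and req.secure stays false.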
Many thanks to
Kindly, @beeme1mr, who did 99% of the work here to figure out the cause of the issue. I just packaged it for re-use.