I’m using the serverless-api-cloudfront plugin to front my api-gateway and lambda function. However, it doesn’t seem that the Authorization header is being forwarded, so I can’t use an authorizer function. After the deploy, if I call the api-gw endpoint directly, the Authorization header gets through, but if I call it via cloudfront, I get an unauthorized repsonse and there’s no Authorization header on that call. If I go into the cloudfront manually and change the cache control to forward the header, it will begin to work. After the manual edit of cloudfront, the important part of the deployed cloudfront json looks like this:
"DefaultCacheBehavior": {
"TargetOriginId": "ApiGateway",
"ForwardedValues": {
"QueryString": true,
"Cookies": {
"Forward": "all"
},
"Headers": {
"Quantity": 1,
"Items": [
"Authorization"
]
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
But when I deploy via serverless, it always looks like this:
"DefaultCacheBehavior": {
"TargetOriginId": "ApiGateway",
"ForwardedValues": {
"QueryString": true,
"Cookies": {
"Forward": "all"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
That json matches what is in cloudformation-template-update-stack.json
in the .serveless directory. I tried changing the serverless yaml file to add the header forwarding with this:
plugins:
- serverless-api-cloudfront
apiCloudFront:
defaultCacheBehavior:
forwardedValues:
headers:
quantity: 1
items:
- Authorization
But that doesn’t seem to have any effect. Am I doing something wrong? Has anyone else hit this and if so, were you able to solve it? I also posted on the plugin’s github, but I though I’d ask here as well in case someone else might have some insight.
Thanks!