What Headers need to be whitelisted in AWS CloudFront for Parse Server

2
votes

I'm running parse server behind AWS CloudFront and I'm still trying to figure out what the best configuration would be. Currently I've configured the CloudFront behavior to:

  • Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
  • Cached HTTP Methods: GET, HEAD (Cached by default)
  • Forward Headers: Whitelist
    • Accept-Language
    • Content-Type
    • Host
    • Origin
    • Referer
  • Object Caching: Customize:
    • Minimum TTL: 0
    • Maximum TTL: 31536000
    • Default TTL: 28800
  • Forward Cookies: All

My GET requests (using the parse REST API) seem to be cached as expected with this configuration. All requests that are made using the parse JS SDK seem to be called via POST and produce a 504 error in the browser console:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

For some reasons those requests are still fullfilled by the parse server because e.g. saving Objects still stores them into my MongoDB even though there's this Access Control Origin error.

1
amazon-web-servicescachingparse-platformamazon-cloudfront
The problem was/is the CLoudFront default timeout of 30seconds. Since my DB (and production server) are located in Tokyo, requests from my german test server run more than 30 seconds which causes CloudFront to return a 504 error. So my solution for now is to completely remove CloudFront since I can't modify the default 30 seconds on AWS.flavordaaave

1 Answers

0
votes

The fix for this is not through cloud front but it will be from the Parse Server side.

In this file /src/middlewares.js add the below code and the cloud from will not thorough that exception.

var allowCrossDomain = function(req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
  res.header('Access-Control-Allow-Headers', 'X-Parse-Master-Key, X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');