2
votes

In our project, we are trying to integrate cookie-based authentication for content accessed using the CloudFront CDN. Let's say that my application domain is A.com and it is being accessed from B.com. A.com's content is served via the CloudFront CDN. Now B.com wants to access content from the secure CloudFront CDN. Generally, B.com requests A.com for content. A.com redirects the request to the CloudFront CDN. B.com has to send the authentication information to cloudfront.net via cookies with the redirected request. See this for an elaborate diagram. Now, I am setting the cookies in the response header of the initial request but am unable to find them in the redirected request header to the cloudfront.net domain. As a result, I am getting a 403 response and am unable to access the content.

1 Answer

1
votes

A.com can set the necessary cookies in the browser of the user who is visiting the application hosted in the B.com domain. These third-party cookies will be stored in the user's browser. When you access the A.com domain again, the stored third-party cookies will be sent by the user's browser automatically with the request.

I can see that you want to send the A.com domain cookies to the cloudfront.net domain, and the browser will not allow it. Since the required cookies are not sent with the redirected request to cloudfront.net, the request is returning a 403 Forbidden response.

If you own both the CDN distribution and the A.com domain, then you may create a CNAME, say cdn.A.com, which will point to your CDN distribution. Now when the request is redirected to cdn.A.com to fetch the content, the necessary third-party cookies will be sent along with the request and the files can be accessed without any issues.
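
The domain scoping this answer relies on, as an added example that is not part of the original answer: a simplified model of the RFC 6265 domain-match rule a browser applies when deciding whether to accept a cookie and whether to attach it to a redirected request. The function names and the host `dexample.cloudfront.net` are constructed for illustration, and the model covers only the `Domain` attribute, not `Path`, `Secure`, `SameSite`, the public-suffix check, or third-party cookie blocking.

```javascript
// RFC 6265 section 5.1.3: a host matches a cookie domain if the two are
// identical, or the host ends with "." + domain and is not an IP address.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// A response may only set a Domain attribute that covers the host that sent
// it; otherwise the browser ignores the cookie entirely (section 5.3).
function browserAcceptsCookie(settingHost, domainAttr) {
  if (!domainAttr) return true; // no Domain attribute: host-only cookie
  return domainMatches(settingHost, domainAttr);
}

// Host-only cookies go back to the exact host; Domain cookies to any match.
function cookieSentTo(cookie, requestHost) {
  if (cookie.hostOnly) {
    return requestHost.toLowerCase() === cookie.domain.toLowerCase();
  }
  return domainMatches(requestHost, cookie.domain);
}

// Simulate: settingHost answers with Set-Cookie (optionally Domain=domainAttr)
// and redirects the browser to targetHost. Is the cookie on that request?
function sentAfterRedirect(settingHost, domainAttr, targetHost) {
  if (!browserAcceptsCookie(settingHost, domainAttr)) return false;
  const cookie = domainAttr
    ? { domain: domainAttr, hostOnly: false }
    : { domain: settingHost, hostOnly: true };
  return cookieSentTo(cookie, targetHost);
}

// Constructed scenarios using the page's placeholder domains.
const scenarios = [
  ["A.com", "A.com", "dexample.cloudfront.net"],          // the 403 case
  ["A.com", "cloudfront.net", "dexample.cloudfront.net"], // rejected at set time
  ["A.com", null, "cdn.A.com"],                           // host-only: not sent
  ["A.com", "A.com", "cdn.A.com"],                        // the CNAME fix
];
for (const [from, dom, to] of scenarios) {
  console.log(`${from} Domain=${dom} -> ${to}:`, sentAfterRedirect(from, dom, to));
}
```

The third scenario is the one to watch when applying the CNAME fix: without an explicit `Domain=A.com` on the `Set-Cookie` header, the cookie stays bound to the exact host A.com and is not sent to cdn.A.com.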