0
votes

I have been using AWS EC2 for the last couple of years. Now I want to enable HTTPS on my application, developed in ASP.NET Web API with a front end in AngularJS. For that I made a CloudFront distribution. It has successfully loaded the static files and called the REST API on EC2 hosted in IIS. But unfortunately the custom headers have null as a value when the requests come from CloudFront to my origin.

I have done the following relevant configurations on CloudFront distribution.

Following is my setting for custom origin headers.

[screenshot: Origin Custom Headers]

Following is my setting for cache behaviors.

[screenshot: Cache Behavior settings]

Further setting included the following:

  • Whitelist Cookies: Authorization, VDName
  • Query String Forwarding and Caching: Forward all, cache based on all
  • Origin Protocol Policy: HTTP Only
  • Viewer Protocol Policy: Redirect HTTP to HTTPS

My app has a login page where no Authorization is required. On successful login the app sets three custom headers.

  1. Authorization
  2. x-working-company
  3. x-working-branch

My app is successfully logging in the users but then logging them out automatically. So, to check this issue I wrote the following little code in my Authorization class to check the header values.

// Diagnostic code inside the Authorization filter; needs System.Linq and System.Net.Http.
// 'request' is the HttpRequestMessage, 'valToUpd' the column/value map for the Users table.
valToUpd.Add("S6", "CHK1");
valToUpd.Add("S7", "Before Null");
valToUpd.Add("S8", request.Headers.Count().ToString());
// GetValues() throws when a header is absent, so look each header up with TryGetValues.
valToUpd.Add("S9", request.Headers.TryGetValues("Authorization", out var auth) ? auth.FirstOrDefault() : null);
valToUpd.Add("S10", request.Headers.TryGetValues("x-working-company", out var company) ? company.FirstOrDefault() : null);
valToUpd.Add("S11", request.Headers.TryGetValues("x-working-branch", out var branch) ? branch.FirstOrDefault() : null);
// Record which of the three headers are present at all (regardless of value).
var toUpdt = "";
if (request.Headers.Any(x => x.Key == "Authorization"))
    toUpdt = "A-";
if (request.Headers.Any(x => x.Key == "x-working-company"))
    toUpdt += "C-";
if (request.Headers.Any(x => x.Key == "x-working-branch"))
    toUpdt += "B-";
// Dump every value of x-working-branch (a header can carry several values).
var ds = request.Headers.Where(x => x.Key == "x-working-branch").Select(c => c.Value);
toUpdt += " br val = ";
foreach (var item in ds)
{
    foreach (var i in item)
    {
        toUpdt += i + " - ";
    }
}
valToUpd.Add("S12", toUpdt);
usersHelperAdo.Update("Users", whereClause, valToUpd); // My DAL method: updates the Users table rows matching the where clause.

And as expected CloudFront does forward the headers to my origin, but with null values. The results are as follows:

[screenshot: database values]

Following is the Firefox developer mode, where my front end is sending the request to CloudFront with all the custom headers with appropriate values. But then CloudFront is forwarding those headers to the origin but making the values null.

[screenshot: Firefox developer mode]

So, what am I doing wrong? Why does CloudFront pass null as a value in my headers? Any help is highly appreciated. Many thanks!

EDIT

I tried to hit the APIs with Postman and following are the screenshots.

The following shows my call to the Login method and, as expected, it returns the Auth token with the other custom headers set in the response.

[screenshot: Postman Login]

I extracted the required headers from the response and sent another GET request and received the following.

[screenshot: Postman GET call]

It throws a 403 Forbidden error. It's weird that in browser dev mode it throws 401 Unauthorized and in Postman it is 403 Forbidden.

Any help? Thanks

1 Answer

1
votes

Setting Origin Custom Headers will have CloudFront include them in every request to your origin and if a header is already supplied it is overridden. This is not what you want and this explains why you see null values (you added your headers without values).

Origin Custom Headers should be used for constant values only or when you explicitly need to override a header.

In your case, you need to whitelist the headers in the Cache Behavior Settings by entering x-working-branch and x-working-company in the Whitelist Headers section and by clicking Add Custom >> as shown here:

[screenshot: Whitelist Headers section]

(I kept your Authorization and Host headers)

Please note that forwarding headers impacts caching: separate versions are created based on the header values. See also Caching Content Based on Request Headers. This means that different combinations of Authorization, Host, x-working-branch and x-working-company will lead to different versions (this is obviously what you want here to avoid serving the same content to different users). This is also valid for query strings and cookies.

It is really important to understand how CloudFront caches objects. The most important part of the documentation is Managing How Long Content Stays in an Edge Cache (Expiration).
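The misconfiguration in the question (custom headers declared as Origin Custom Headers with empty values, which then override whatever the viewer sent) and the fix in the answer (whitelisting the headers in the cache behavior instead) can both be checked mechanically against a distribution's config. The following script is an added example, not code from the question, the answer or AWS; it lints a dictionary shaped like the CloudFront API's DistributionConfig (Origins[].CustomHeaders, DefaultCacheBehavior.ForwardedValues.Headers) and returns a corrected copy. The config itself is constructed for the example: the origin ID and domain name are placeholders, and the header names are the ones from the thread.

```python
"""Lint a CloudFront DistributionConfig for per-request headers that never reach the origin.

Added example. The config below is constructed to mirror the shape of the CloudFront
API's DistributionConfig; origin ID and domain name are placeholders.
"""
import copy

# Headers the application sets per user and expects the origin to receive unchanged.
REQUIRED_HEADERS = {"Authorization", "x-working-company", "x-working-branch"}

# Constructed config reproducing the setup from the question: the three headers are
# declared as Origin Custom Headers with empty values, and the cache behavior only
# forwards Authorization and Host.
BROKEN_CONFIG = {
    "Origins": {"Quantity": 1, "Items": [{
        "Id": "ec2-origin",                       # placeholder
        "DomainName": "ec2-origin.example.com",   # placeholder
        "CustomHeaders": {"Quantity": 3, "Items": [
            {"HeaderName": "Authorization", "HeaderValue": ""},
            {"HeaderName": "x-working-company", "HeaderValue": ""},
            {"HeaderName": "x-working-branch", "HeaderValue": ""},
        ]},
    }]},
    "DefaultCacheBehavior": {
        "TargetOriginId": "ec2-origin",
        "ViewerProtocolPolicy": "redirect-to-https",
        "ForwardedValues": {
            "QueryString": True,
            "Cookies": {"Forward": "whitelist",
                        "WhitelistedNames": {"Quantity": 2, "Items": ["Authorization", "VDName"]}},
            "Headers": {"Quantity": 2, "Items": ["Authorization", "Host"]},
        },
    },
}


def _items(container):
    """Return the Items list of a CloudFront Quantity/Items container, or [] if absent."""
    return (container or {}).get("Items") or []


def lint_header_forwarding(config, required=REQUIRED_HEADERS):
    """Return findings explaining why a required per-request header would be lost or overridden."""
    findings = []
    wanted = {h.lower() for h in required}
    forwarded = {h.lower() for h in _items(config["DefaultCacheBehavior"]["ForwardedValues"].get("Headers"))}
    # "*" means "forward all headers"; otherwise only whitelisted headers reach the origin.
    if "*" not in forwarded:
        for h in sorted(required, key=str.lower):
            if h.lower() not in forwarded:
                findings.append(f"header '{h}' is not whitelisted in the cache behavior; "
                                f"the origin will never see the viewer's value")
    # An Origin Custom Header is added to every origin request and replaces the viewer's copy,
    # so a required header declared here (especially with an empty value) is always clobbered.
    for origin in _items(config["Origins"]):
        for custom in _items(origin.get("CustomHeaders")):
            if custom["HeaderName"].lower() in wanted:
                findings.append(f"origin '{origin['Id']}' sets custom header '{custom['HeaderName']}' to "
                                f"{custom['HeaderValue']!r}; it overrides whatever the viewer sent")
    return findings


def fix_header_forwarding(config, required=REQUIRED_HEADERS):
    """Return a corrected copy: required headers whitelisted, overriding custom headers removed."""
    fixed = copy.deepcopy(config)
    fwd = fixed["DefaultCacheBehavior"]["ForwardedValues"]
    headers = list(_items(fwd.get("Headers")))
    present = {h.lower() for h in headers}
    for h in sorted(required, key=str.lower):
        if h.lower() not in present:
            headers.append(h)
    fwd["Headers"] = {"Quantity": len(headers), "Items": headers}
    wanted = {h.lower() for h in required}
    for origin in _items(fixed["Origins"]):
        kept = [c for c in _items(origin.get("CustomHeaders")) if c["HeaderName"].lower() not in wanted]
        origin["CustomHeaders"] = {"Quantity": len(kept), "Items": kept}
    return fixed


if __name__ == "__main__":
    for finding in lint_header_forwarding(BROKEN_CONFIG):
        print("FINDING:", finding)
    repaired = fix_header_forwarding(BROKEN_CONFIG)
    print("forwarded headers after fix:", repaired["DefaultCacheBehavior"]["ForwardedValues"]["Headers"]["Items"])
    print("remaining findings:", lint_header_forwarding(repaired))
```

On a live distribution the same dictionary is what `aws cloudfront get-distribution-config` returns under `DistributionConfig`, so the lint can be run against real output before an update. Keep in mind the caching point from the answer: every header added to the whitelist becomes part of the cache key, so whitelisting Authorization and the two company/branch headers produces a separate cached copy per user and per branch, which is the behaviour you want for authenticated responses.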