
I have a static application running on CloudFront, hosted on S3, and I'm trying to receive the user's country in my API running on EC2, without success.

CloudFront configuration:

[image: CloudFront configuration]

S3 CORS configuration:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
   <CORSRule>
      <AllowedOrigin>*</AllowedOrigin>
      <AllowedOrigin>http://*</AllowedOrigin>
      <AllowedOrigin>https://*</AllowedOrigin>
      <AllowedMethod>GET</AllowedMethod>
      <MaxAgeSeconds>3000</MaxAgeSeconds>
      <AllowedHeader>*</AllowedHeader>
      <AllowedHeader>CloudFront-*</AllowedHeader>
   </CORSRule>
</CORSConfiguration>

Preflight (OPTIONS) result from my API:

Access-Control-Allow-Credentials → true
Access-Control-Allow-Headers → Content-Type, User-Agent, Origin, Authorization, CloudFront-Viewer-Country
Access-Control-Allow-Methods → GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin → *
Access-Control-Expose-Headers → Authorization
Access-Control-Max-Age → 45537
Access-Control-Request-Headers → Content-Type, User-Agent, Origin, Authorization, CloudFront-Viewer-Country

I need to receive this header (CloudFront-Viewer-Country) in requests to my API for security purposes, but I'm not actually receiving it.

Received requests on EC2:

OPTIONS

{
  "method": "OPTIONS",
  "path": "/languages/translate",
  "headers": {
    "request": {
        "host": "xxxxxxxxx.us-west-2.elb.amazonaws.com",
        "accept": "*/*",
        "accept-encoding": "gzip, deflate, sdch",
        "accept-language": "en-US,en;q=0.8,pt;q=0.6,pt-BR;q=0.4",
        "access-control-request-headers": "accept, accept-language, authorization",
        "access-control-request-method": "GET",
        "cache-control": "no-cache",
        "origin": "http://xxxxxxxxxxxx.cloudfront.net",
        "pragma": "no-cache",
        "referer": "http://xxxxxxxxx.cloudfront.net/",
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
        "via": "1.1  (squid/3.4.10)",
        "x-forwarded-for": "192.168.8.68, XXX.XXX.XXX.XX",
        "x-forwarded-port": "80",
        "x-forwarded-proto": "http",
        "connection": "keep-alive"
      },
      "response": {
        "X-Content-Type-Options": "nosniff",
        "X-XSS-Protection": "1; mode=block",
        "Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
        "Pragma": "no-cache",
        "Expires": "0",
        "X-Frame-Options": "DENY",
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Methods": "GET",
        "Access-Control-Allow-Methods": "POST",
        "Access-Control-Allow-Methods": "PUT",
        "Access-Control-Allow-Methods": "DELETE",
        "Access-Control-Allow-Methods": "OPTIONS",
        "Access-Control-Max-Age": "61032",
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Headers": "Content-Type",
        "Access-Control-Allow-Headers": "User-Agent",
        "Access-Control-Allow-Headers": "Origin",
        "Access-Control-Allow-Headers": "Authorization",
        "Access-Control-Allow-Headers": "CloudFront-Viewer-Country",
        "Access-Control-Request-Headers": "Content-Type",
        "Access-Control-Request-Headers": "User-Agent",
        "Access-Control-Request-Headers": "Origin",
        "Access-Control-Request-Headers": "Authorization",
        "Access-Control-Request-Headers": "CloudFront-Viewer-Country",
        "Access-Control-Expose-Headers": "Authorization",
        "Authorization": "Bearer XXXXXXXXXXXX",
        "X-Application-Context": "application",
        "Allow": "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH",
        "status": "200"
      }
   }
}

GET

{
  "method": "GET",
  "path": "/languages/translate",
  "headers": {
    "request": {
        "host": "xxxxxxxxxxx.us-west-2.elb.amazonaws.com",
        "accept": "application/json, text/plain, */*",
        "accept-encoding": "gzip, deflate, sdch",
        "accept-language": "1",
        "authorization": "Bearer XXXXXXXXXX",
        "cache-control": "no-cache",
        "origin": "http://xxxxxxxxx.cloudfront.net",
        "pragma": "no-cache",
        "referer": "http://xxxxxxxxxxx.cloudfront.net/",
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
        "via": "1.1 (squid/3.4.10)",
        "x-forwarded-for": "192.168.8.68, XXX.XXX.XXX.XX",
        "x-forwarded-port": "80",
        "x-forwarded-proto": "http",
        "connection": "keep-alive"
    }
  }
}
jop
  • Capture the headers that you *do* receive and show us what they look like, please. Note also that all the references to S3 are not relevant to this issue, if you are trying to receive request headers from CloudFront at an EC2 server. – Michael - sqlbot Feb 24 '16 at 16:01
  • Sample added in main question! – jop Feb 25 '16 at 18:43
  • Well, it looks like your requests are coming directly to your ELB -- not through CloudFront. You'll need to add the ELB as a second origin to the CloudFront distribution, and create cache behaviors matching the paths to be served off of this server... and then point these dynamic content links to CloudFront rather than to the ELB, if you're trying to do what it looks like you're trying to do. – Michael - sqlbot Feb 25 '16 at 21:22
  • @Michael-sqlbot thanks man, it's resolved with your explanation. I've configured the ELB as a second origin, and configured a cache behaviour for it. Now I'm receiving the user country. – jop Mar 03 '16 at 20:34
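
An added example, not part of the original thread and not AWS code: once the API sits behind CloudFront as a second origin, it can tell a CloudFront-forwarded request from one sent straight to the ELB before it trusts `CloudFront-Viewer-Country`. The `X-Origin-Verify` header name and its secret value are assumptions (a custom origin header configured on the distribution), and the CloudFront and spoofed sample requests are constructed.

```python
import hmac

# Hypothetical name of a custom origin header that the CloudFront
# distribution is configured to add to every origin request (assumption).
ORIGIN_SECRET_HEADER = "x-origin-verify"

def _lower(headers):
    """Header names are case-insensitive; normalise them once."""
    return {k.lower(): v for k, v in headers.items()}

def came_via_cloudfront(headers):
    """Diagnostic only: CloudFront marks origin requests with X-Amz-Cf-Id and
    a Via entry naming CloudFront. A direct client can forge both."""
    h = _lower(headers)
    return "x-amz-cf-id" in h and "cloudfront" in h.get("via", "").lower()

def trusted_viewer_country(headers, origin_secret):
    """Return the viewer country only when the request carries the shared
    secret that the distribution attaches; otherwise return None."""
    h = _lower(headers)
    presented = h.get(ORIGIN_SECRET_HEADER, "")
    # An unset secret must fail closed, not match an absent header.
    if not origin_secret or not hmac.compare_digest(
            presented.encode(), origin_secret.encode()):
        return None  # reached the ELB directly, or the header was forged
    country = h.get("cloudfront-viewer-country", "")
    return country.upper() if len(country) == 2 and country.isalpha() else None

# Request headers as captured in the question (trimmed): straight to the ELB.
DIRECT_TO_ELB = {
    "host": "xxxxxxxxxxx.us-west-2.elb.amazonaws.com",
    "via": "1.1 (squid/3.4.10)",
    "x-forwarded-for": "192.168.8.68, XXX.XXX.XXX.XX",
}
# Constructed sample: the same call after it is routed through CloudFront.
VIA_CLOUDFRONT = {
    "Via": "1.1 0123456789abcdef.cloudfront.net (CloudFront)",
    "X-Amz-Cf-Id": "constructed-request-id",
    "CloudFront-Viewer-Country": "BR",
    "X-Origin-Verify": "constructed-secret",
}
# Constructed sample: a client hitting the ELB directly with a forged header.
SPOOFED = dict(DIRECT_TO_ELB, **{"CloudFront-Viewer-Country": "US"})

if __name__ == "__main__":
    for name, req in [("direct", DIRECT_TO_ELB), ("cloudfront", VIA_CLOUDFRONT),
                      ("spoofed", SPOOFED)]:
        print(name, came_via_cloudfront(req),
              trusted_viewer_country(req, "constructed-secret"))
```

The shared-secret check only holds if the ELB's security group also limits who can reach it; the `Via` and `X-Amz-Cf-Id` test is useful for troubleshooting routing, not as an access control.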
