fix capitalization of Authorization header for AWS_PROXY integration #10500
Conversation
bentsku
added
aws:apigateway
| @@ -276,11 +276,20 @@ def construct_invocation_event( | |||
| single_value_query_string_params = { | |||
| k: v[-1] if isinstance(v, list) else v for k, v in query_string_params.items() | |||
| } | |||
| # Some headers get capitalized like in CloudFront, see | |||
| # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html#add-origin-custom-headers-forward-authorization | |||
| # It seems AWS_PROXY lambda integrations are behind cloudfront, as seen by the returned headers in AWS | |||
There was a problem hiding this comment.
nit: Out of curiosity - presumably that's only relevant for AWS_PROXY integrations, not for regular AWS integrations, right? Not something we need to cover here, was just curious if you had some insights into that.
There was a problem hiding this comment.
You're right! I had the same question, it should not be relevant for other AWS integrations because we selectively pass headers to the integration via request parameters.
However, I wonder if it's relevant to HTTP_PROXY integrations. However, we do not have good validated tests in community yet. But I keep a note for the next refactor for this kind of thing 😄 good to keep in mind! 👌
There was a problem hiding this comment.
@cloutierMat had a very good insight about this: this is only the case for Edge optimized API endpoints: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html
We should probably fix this in a next iteration, as this is quite the edge case, but this really good to know.
Motivation
As reported in #10437, we were missing the capitalization of Authorization header in API Gateway AWS_PROXY integration.
This is a weird fix, because it seems that AWS_PROXY integrations are behind CloudFront in some way, because it returns CloudFront headers even if not configured. The user does not have any say in the configuration of said "default" cloudfront distribution. But it seems to have the same logic around the Authorization header.
See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html#add-origin-custom-headers-forward-authorization
Changes
\cc @giograno @Morijarti