New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix capitalization of Authorization header for AWS_PROXY integration #10500
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Thanks for implementing changes so quickly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great insights @bentsku , interesting behavior by API GW, again! 🤷 :)
Also kudos for updating/enhancing the snapshot transformers along the way.. 👌
@@ -276,11 +276,20 @@ def construct_invocation_event( | |||
single_value_query_string_params = { | |||
k: v[-1] if isinstance(v, list) else v for k, v in query_string_params.items() | |||
} | |||
# Some headers get capitalized like in CloudFront, see | |||
# https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html#add-origin-custom-headers-forward-authorization | |||
# It seems AWS_PROXY lambda integrations are behind cloudfront, as seen by the returned headers in AWS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Out of curiosity - presumably that's only relevant for AWS_PROXY
integrations, not for regular AWS
integrations, right? Not something we need to cover here, was just curious if you had some insights into that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right! I had the same question, it should not be relevant for other AWS
integrations because we selectively pass headers to the integration via request parameters.
However, I wonder if it's relevant to HTTP_PROXY
integrations. However, we do not have good validated tests in community yet. But I keep a note for the next refactor for this kind of thing 😄 good to keep in mind! 👌
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cloutierMat had a very good insight about this: this is only the case for Edge optimized API endpoints: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html
We should probably fix this in a next iteration, as this is quite the edge case, but this really good to know.
Motivation
As reported in #10437, we were missing the capitalization of Authorization header in API Gateway AWS_PROXY integration.
This is a weird fix, because it seems that AWS_PROXY integrations are behind CloudFront in some way, because it returns CloudFront headers even if not configured. The user does not have any say in the configuration of said "default" cloudfront distribution. But it seems to have the same logic around the Authorization header.
See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html#add-origin-custom-headers-forward-authorization
Changes
\cc @giograno @Morijarti