Add CloudFront Whitelist Headers to YAML template - amazon-cloudfront

I would like some assistance with CloudFront distributions and their YAML templates if anyone has experience here.
We use cloudfront for an internal CDN for media files, to get around a tainted canvas error in the UI (selecting a poster image for a video) I have manually added some headers to the white list and this resolved the issue.
This needs to be part of our automated deployments however and I cannot seem to find anything concrete on how to replicate this via a YAML template.

From CloudFormation documentation:
Specifies the headers that you want Amazon CloudFront to forward to the origin for this cache behavior (whitelisted headers). For the headers that you specify, Amazon CloudFront also caches separate versions of a specified object that is based on the header values in viewer requests.
Cookies:
Cookies
Headers:
- String
QueryString: Boolean
QueryStringCacheKeys:
- String
When navigating through AWS template documentation, use the Type links to dig further into specifications.
As an aside, I prefer to use Terraform to configure these resources:
cache_behavior {
forwarded_values {
headers = ["Host"]
}
}

Related

Setting custom header with API gateway non-proxy lambda and binary output

Is it possible to set a custom header when using lambda non proxy integrations?
At the moment I have enabled binary support and I am returning straight from my handler but I have a requirement to set the file name of the download and was planning to use Content-Disposition: attachment; filename="filename.xlsx" but I am not sure how I can do this if I have lambda proxy integration turned off.
Reading this https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-integration-settings-integration-response.html I am not sure if it only works for json responses?
The example shows the body comment as taking a json object but then says there is a base64 encoding option for binary support, but I am just returning my binary data straight from my function and I had not planned to use lambda proxy at all if possible.
I currently have files downloading but I am using temporary files and I want to name the downloads.
# In my service
with tempfile.NamedTemporaryFile(suffix=".xlsx") as tmp:
pd.DataFrame(report_json).to_excel(tmp.name)
bytes_io = BytesIO(tmp.read())
return bytes_io
# In my handler
return base64.b64encode(bytes_io.getvalue())
Using later versions of the serverless framework a custom header for example Content-Disposition can be set like the following.
Integration: lambda
response:
headers:
Content-Type: "'text/csv'"
Content-Disposition: "'attachment; filename=abc.csv'"
I am not sure yet if it is possible to interpolate values from the context into these values.

Azure Functions NodeJs: Remove Http Response Header

I have an HTTP triggered, NodeJs Azure Function, and I'm looking to remove the "X-Powered-By" header from my response, but have found no way to do so.
I've tried adding both this and this azure site extensions, but neither has worked for me,
Setting the response header manually, i.e. res.headers = { ['x-powered-by']: null } is ineffective.
Based on the comments made on this github issue: https://github.com/Azure/Azure-Functions/issues/290 it would seem that using either extension should have removed the headers you wanted.
Modifying the response headers will likely won't work as they are probably added further down the pipeline by the function host and not overridable, see:
Access Azure Function runtime settings
Azure functions recently removed the x-aspnet-version header, further removal of other headers is tracked as part of the azure-webjobs-script-sdk here
You should leave a comment on the github issue and you can further discuss with the team working on this.
There is an extension called Remove Custom Headers that works for Web Apps but not for functions that have their own resource group. So, what you can do is:
1. Create a regular Web App
2. Create a function and make sure you use the same Hosting Plan as the Web App (do not use Consumption).
3. Once the function is created, install the extension named: "Remove Custom Headers"
4. Restart the function and the headers (Server and X-Powered-By) should disappear.

Hosting images on Lambda + API gateway

I got NodeJS application running on AWS Lambda + API gateway environment.
I am deploying my app via serverless app (https://www.npmjs.com/package/serverless). My assets (including images) are packed together to zip format, sent to S3 storage and deployed via cloudfront (regular serverless flow).
Requests to images responses with 200 OK status. The problem is that they are not displaying. I have no idea where should I start to look for an issue.
I enabled binary media types in my API Gateway, and provided following types: image/gif, image/jpeg.
For example I am trying to display this image:
http://www.top13.net/wp-content/uploads/2015/10/perfectly-timed-funny-cat-pictures-5.jpg
Here is URL to it in my app:
http://angular-universal-serverless.maciejtreder.com/assets/img/cat.jpg
Is it even possible to display images this way? Maybe I should upload them to S3 storage?
Here are some entries from logs (before enabling binary media types):
http://www.heypasteit.com/clip/0IILRO
and after enabling:
http://www.heypasteit.com/clip/0IILS2
I have solved problem, by my own.
Here is boilerplate repository: https://github.com/maciejtreder/angular-universal-serverless
The point was to encode files on Lambda side, and send it in encoded form to API GW with proper headers.
I had this problem on Angular 12.0.5 using regular angular-universal (ng add #nguniversal/express-engine), serverless and #vendia/serverless-express.
The solution was:
1 - Add the media types in the API Gateway:
2 - Add apiGateway.binaryMediaTypes on my serverless.yml file:
provider:
...
apiGateway:
binaryMediaTypes:
- '*/*'

Getting an object's links in Rackspace cloud files API

I am using the Java jclouds API for access to my Rackspace cloud files account.
I can create and list containers, and upload objects, but I can't figure out how to get the public links for an uploaded object. (I can see these public links from within the Rackspace control panel, by right-clicking on the object - there are 4 types: HTTP, HTTPS, Streaming, iOS Streaming).
The closest I can get is by using object.getInfo() to get the object's metadata. This includes a URI, but this doesn't resemble the public links I find from within the control panel.
Anyone know what I'm doing wrong?
I figured it out...
First, I should get the public URI of the object's container, not from the object.
Then I use a CloudFilesClient object. On the container I need to use getCDNMetadata("containername").getCDNUri()
Here is more information and some sample code to get the specific file CDN address.
For more details you can checkout the Java guide:
https://developer.rackspace.com/docs/cloud-files/quickstart/?lang=java
First get the cloud files api:
CloudFilesApi cloudFilesApi = ContextBuilder.newBuilder("rackspace-cloudfiles-us")
.credentials("{username}", "{apiKey}")
.buildApi(CloudFilesApi.class);
From there you can query the container:
CDNApi cdnApi = cloudFilesApi.getCDNApi("{region}");
CDNContainer cdnContainer = cdnApi.get("{containerName}");
Now with that CDNContainer you can get the specific web address that you need:
URI httpURI = cdnContainer.getUri();
URI httpsURI = cdnContainer.getSslUri();
This will get you the base URI for the container. Now to get the final address for your specific file you will need to append /{"your_file_name.extension"} to the end of the address. For example if my base URI was converted to a URL then to a String it may look like:
http://123456asdf-qwert987653.rackcdn.com/
From here I can get a file with the name example.mp4 with the following address:
http://123456asdf-qwert987653.rackcdn.com/example.mp4
This all assumes that you have already enabled CDN on the container.

setting Access-Control-Allow-Origin using Rackspace Cloud Java API

I am using the Java API for uploading files to Rackspace Cloud. I am trying to figure out how to set the header "Access-Control-Allow-Origin" on the files that I am uploading. I found another link that talks about setting this header using Python Binding here:
Setting Access-Control-Allow-Origin (CORS) in the Rackspace Cloud Files Python API
Is there a similar API with Java Binding as well? I can't seem to find it.
Thanks!
I'm not much of a Java guy, but per this it looks like metadata needs to be set on your containers, with a key of X-Container-Meta-Access-Control-Allow-Origin, and a value of a space separated list of allowed origins.
Thus you need to use whatever function is used to set container metadata for the jclouds API.
It appears that this could be done on creation like so (based on adaptation of this code):
CreateContainerOptions options = CreateContainerOptions.Builder
.withMetadata(ImmutableMap.of("Access-Control-Allow-Origin", "*"));
swift.getApi().createContainer(Constants.CONTAINER, options);
Looking through the docs, I found the following function in org.jclouds.openstack.swift.CommonSwiftClient:
boolean setContainerMetadata(String container,
Map<String,String> containerMetadata)
It therefore looks like you should be able to do what you're looking for with something like the following:
swift.getApi().setContainerMetadata(container, ImmutableMap.of("Access-Control-Allow-Origin", "*"));

Resources