Authorization Headers Missing in GET Request CloudFront

Note: Updates logs below

We have a NestJS application running in an EC2 instance on port 7001, which is sitting behind an Nginx reverse proxy on port 80 & 443. Our API URL is aliasing a CloudFront endpoint, which enables and forces HTTPS and forwards all calls to our EC2 instance.

We’re currently experiencing an issue where our POST calls contain our Auth headers, but our GET calls do not…

Little script in main.ts to illustrate the issue:

app.use((req: any, res: any, next: any) => {
  console.log('METHOD:', req.method);
  console.log('AUTHORISATION:', req.get('Authorization'));
  next()
})

PM2 Logs:

0|gateway  | METHOD: POST
0|gateway  | AUTHORISATION: Bearer eyJ...gLk
0|gateway  | METHOD: GET
0|gateway  | AUTHORISATION: undefined
0|gateway  | METHOD: POST
0|gateway  | AUTHORISATION: Bearer eyJ...gLk

Where would this issue originate from? Here are a few pics of our AWS setup:

CORS

CLOUDFRONT BEHAVIOUR

CLOUDFRONT ORIGIN

Nginx Setup sites-available

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        server_name api.example.io example.io;

        location / {
                proxy_pass http://localhost:7001;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection '';
                proxy_set_header Host $host;
                proxy_pass_header Authorization;
                proxy_cache_bypass $http_upgrade;
        }
}

Many thanks 🙂

UPDATES:

After digging around, a GET call directly to our EC2 instance went through, so that eliminates Nginx and any code problems… It must be coming from CloudFront…

  • Try adding the host and authorization headers to the cloudfront origin
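An added example, not part of the original post or comment: CloudFront's documented default is to remove the `Authorization` header from GET and HEAD requests before they reach the origin unless the cache behaviour forwards it, while other methods such as POST keep it, which matches the logs above. The sketch below audits a `DistributionConfig` document (the shape returned by `aws cloudfront get-distribution-config`) for behaviours that would drop the header; the function names, the sample config and the placeholder policy id are constructed for illustration.

```javascript
'use strict';

// Classify one cache behaviour by what happens to Authorization on GET/HEAD.
function authForwarding(behavior) {
  if (behavior.CachePolicyId) {
    // Header forwarding is defined in the referenced cache / origin request
    // policy, which is not part of this document: it has to be inspected separately.
    return 'check-policy';
  }
  // Legacy settings: the header must be listed explicitly, or '*' forwards all.
  const headers = (behavior.ForwardedValues && behavior.ForwardedValues.Headers) || {};
  const items = (headers.Items || []).map((h) => h.toLowerCase());
  return items.includes('*') || items.includes('authorization') ? 'forwarded' : 'stripped';
}

// Walk the default behaviour plus every path-specific behaviour.
function auditDistribution(config) {
  const behaviors = [
    { PathPattern: '(default)', ...config.DefaultCacheBehavior },
    ...((config.CacheBehaviors && config.CacheBehaviors.Items) || []),
  ];
  return behaviors.map((b) => ({ path: b.PathPattern, authorization: authForwarding(b) }));
}

// Constructed sample input (not the poster's real distribution).
const sampleConfig = {
  DefaultCacheBehavior: {
    TargetOriginId: 'ec2-api',
    ForwardedValues: { QueryString: true, Headers: { Quantity: 1, Items: ['Origin'] } },
  },
  CacheBehaviors: {
    Quantity: 2,
    Items: [
      {
        PathPattern: '/auth/*',
        TargetOriginId: 'ec2-api',
        ForwardedValues: {
          QueryString: true,
          Headers: { Quantity: 2, Items: ['Origin', 'Authorization'] },
        },
      },
      { PathPattern: '/v2/*', TargetOriginId: 'ec2-api', CachePolicyId: 'PLACEHOLDER-POLICY-ID' },
    ],
  },
};

for (const row of auditDistribution(sampleConfig)) {
  console.log(`${row.path} -> Authorization ${row.authorization}`);
}
```

Forwarding `Authorization` also makes it part of the cache key, so responses cached for one bearer token are not served to a request carrying a different one.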
