ruby on rails - Cookies set, but not sent to Cloudfront -


i'm attempting use signed cookies access private content on aws cloudfront.

  • rails 4.2.1 app running in development on puma server - http://localhost:3000
  • using latest chrome (and can reproduce same in firefox , safari)

my app sets correct cookies required cloudfront, , each cookie has correct value. reference, 3 cookies need set are:

  • cloudfront-policy
  • cloudfront-signature
  • cloudfront-key-pair-id

i know values correct if grab cookies , perform curl request using them, successful (values replaced ... sake of brevity):

curl -v -b "cloudfront-signature=...; cloudfront-policy==...; cloudfront-key-pair-id==...;" http://mydistribution.cloudfront.net/myfile.jpg 

the fault

when use browser, whilst can see cookies have been set in original request server http://localhost:3000/, requests cloudfront urls (for example, in image tags) not pass on of these cookies. results in

<error><code>missingkey</code><message>missing key-pair-id query parameter or cookie value</message></error> 

any ideas why cookies not being sent cloudfront? advice , support appreciated :)

this normal: each cookie has associated domain , each request browser send cookies match url request being made for.

furthermore cannot set cookies arbitrary domains - if application on example.com can set cookies example.com , subdomains, not other domains (eg other-domain.com)

therefore if app being accessed browser localhost can't set cookies sent foo.cloudfront.net. signed cookies function in cloudfront pretty new i'm not sure recommended approach here, can configure cloudfront pass paths through app (check cloudfront documentation on behaviour , origins) @ point browser thinks talking cloudfront let set cookies sent in subsequent requests cloudfront distribution.

your app need reachable cloudfront work though, don't think work in development.

alternatively use cname cloudfront distribution , app served same domain. mean can't use default cloudfront ssl certificate, , unless sni acceptable, you'll need pay use own certificate.


Comments

Popular posts from this blog

jquery - How do you format the date used in the popover widget title of FullCalendar? -

asp.net mvc - SSO between MVCForum and Umbraco7 -

Python Tkinter keyboard using bind -