You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It’s common to add headers to Nginx or Apache to ensure request origin matches the base. But I have no nginx here.
I could modify headers at the cloudfront distribution by running some JavaScript on each request :(
But, the (non standard) header with the information I require is there. So, I’m considering adding middleware to my rails app in line with this suggestion to handle CloudFlare’s similar non standard header. rails/rails#22965 (comment)
Alternatively, as the Cloudfront header is fairly simple (the cloudflare one is Json while this is just text), is there appetite to add the handling of this cloudfront header to Rack?
perhaps after checking forwarded, then x-forwarded headers it could check third party CDN headers?
If there is appetite I would be happy to contribute (this is permission request, not a labor request)
The text was updated successfully, but these errors were encountered:
I don't think it is appropriate to do this by default in Rack (doing so would unfairly favor a single vendor, and results in a slippery slope). However, I would be OK shipping a middleware with Rack or adding a feature to Rack::Request that allowed users to customize which headers to treat as as x-forwarded headers.
Instead of X-Forwarded-scheme headers, cloudfront sends CloudFront-Forwarded-Proto with http or https as the value.
see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html#cloudfront-headers-other
My current setup is
cloudfront -> ALB -> puma (on ECS)
It’s common to add headers to Nginx or Apache to ensure request origin matches the base. But I have no nginx here.
I could modify headers at the cloudfront distribution by running some JavaScript on each request :(
But, the (non standard) header with the information I require is there. So, I’m considering adding middleware to my rails app in line with this suggestion to handle CloudFlare’s similar non standard header. rails/rails#22965 (comment)
Alternatively, as the Cloudfront header is fairly simple (the cloudflare one is Json while this is just text), is there appetite to add the handling of this cloudfront header to Rack?
perhaps after checking forwarded, then x-forwarded headers it could check third party CDN headers?
If there is appetite I would be happy to contribute (this is permission request, not a labor request)
The text was updated successfully, but these errors were encountered: