kenyiu kenyiu - 10 months ago 144
PHP Question

AWS Cloudfront Signed Cookie not working on alternate domain


I have
Access Denied
for GET request to cloudfront with signed cookies using both canned and custom policy.


    is the alternate domain of
    , and CNAME is set on both cloudfront and cloudflare.

  2. I expect after
    is accessible.

  3. I am using PHP with Laravel behind
    , and the code is as follows.


$cloudFront = new Aws\CloudFront\CloudFrontClient([
'region' => 'us-west-2',
'version' => '2014-11-06'

$resourceKey = '';
$expires = time() + 300;

$signedCookieCannedPolicy = $cloudFront->getSignedCookie([
'url' => $resourceKey,
'expires' => $expires,
'private_key' => 'pk.pem',
'key_pair_id' => 'XXXXXXXXXXXXXX',

$response = Response::success();
foreach ($signedCookieCannedPolicy as $name => $value) {
$response->withCookie(Cookie::make($name, $value, 360, null, ''));

return $response;


  1. The cookies are set for

enter image description here

  1. When I go to
    , the following message is shown

enter image description here

Thanks in advance.

Answer Source

Turns out the issue was due to the encrypted cookies. You might want to check: And if you are using Laravel 5.2, make sure you added exception if you used middleware to encrypt.