kenyiu - 1 month ago
PHP Question

AWS Cloudfront Signed Cookie not working on alternate domain

Problem



I have `Access Denied` for GET request to CloudFront with signed cookies using both canned and custom policy.

Details




  1. `cdn.example.com` is the alternate domain of `abc.cloudfront.net`, and CNAME is set on both CloudFront and Cloudflare.

  2. I expect after `abc.example.com/authorize`, `cdn.example.com` is accessible.

  3. I am using PHP with Laravel behind `abc.example.com/authorize`, and the code is as follows.



```
// The client is only used to sign; the cookies are built locally from the private key.
$cloudFront = new Aws\CloudFront\CloudFrontClient([
    'region'  => 'us-west-2',
    'version' => '2014-11-06',
]);

$resourceKey = 'http://cdn.example.com';
$expires = time() + 300; // canned policy expires 300 seconds from now

$signedCookieCannedPolicy = $cloudFront->getSignedCookie([
    'url'         => $resourceKey,
    'expires'     => $expires,
    'private_key' => 'pk.pem',
    'key_pair_id' => 'XXXXXXXXXXXXXX',
]);

$response = Response::success();
foreach ($signedCookieCannedPolicy as $name => $value) {
    // Cookie::make($name, $value, $minutes, $path, $domain)
    $response->withCookie(Cookie::make($name, $value, 360, null, 'example.com'));
}

return $response;
```


  4. The cookies are set for `.example.com`

     [image]

  5. When I go to `cdn.example.com`, the following message is shown

     [image]

Thanks in advance.

Answer

Turns out the issue was due to the encrypted cookies. You might want to check: https://laravel.com/api/5.2/Illuminate/Cookie/CookieJar.html#method_make. And if you are using Laravel 5.2, make sure you added an exception if you used middleware to encrypt.
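
To confirm the diagnosis in the answer, this added example (not code from the original post, Laravel or the AWS SDK) inspects `Set-Cookie` headers and reports whether each CloudFront cookie was wrapped by Laravel's cookie encryption. The function names, header values and the `KEYPAIRIDPLACEHOLDER` id are constructed for illustration.

```php
<?php
// Added example: detect CloudFront cookies that Laravel encrypted before sending.
const CLOUDFRONT_COOKIES = [
    'CloudFront-Policy', 'CloudFront-Signature',
    'CloudFront-Key-Pair-Id', 'CloudFront-Expires',
];

// Laravel's encrypter emits base64(JSON) holding at least "iv", "value" and "mac".
function isLaravelEncrypted(string $cookieValue): bool
{
    $raw = base64_decode(rawurldecode($cookieValue), true);
    if ($raw === false) {
        return false; // not standard base64, e.g. CloudFront's '-', '_', '~' variant
    }
    $payload = json_decode($raw, true);
    return is_array($payload) && isset($payload['iv'], $payload['value'], $payload['mac']);
}

// Returns [cookie name => 'encrypted' | 'plain'] for the CloudFront cookies found.
function auditSetCookieHeaders(array $headerLines): array
{
    $report = [];
    foreach ($headerLines as $line) {
        // "Set-Cookie: name=value; attr=..." -> capture name and value only
        if (!preg_match('/^Set-Cookie:\s*([^=;\s]+)=([^;]*)/i', $line, $m)) {
            continue;
        }
        if (in_array($m[1], CLOUDFRONT_COOKIES, true)) {
            $report[$m[1]] = isLaravelEncrypted($m[2]) ? 'encrypted' : 'plain';
        }
    }
    return $report;
}

// Constructed sample headers: placeholder values, not real signatures or keys.
$encrypted = rawurlencode(base64_encode(json_encode([
    'iv' => 'aXYtcGxhY2Vob2xkZXI=', 'value' => 'Y2lwaGVydGV4dA==', 'mac' => str_repeat('0', 64),
])));
$headers = [
    "Set-Cookie: CloudFront-Signature={$encrypted}; domain=example.com; path=/",
    'Set-Cookie: CloudFront-Key-Pair-Id=KEYPAIRIDPLACEHOLDER; domain=example.com; path=/',
    'Set-Cookie: laravel_session=ignored; path=/',
];

foreach (auditSetCookieHeaders($headers) as $name => $state) {
    echo "{$name}: {$state}\n";
}
```

Any cookie reported as `encrypted` is one CloudFront cannot validate; list its name in the `$except` array of `App\Http\Middleware\EncryptCookies` so Laravel sends the signed value unmodified.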