cphill cphill - 1 month ago 28
Node.js Question

CloudFront Debugging Missing Cookie Value

I have had a difficult time determining what needs to be done with my CloudFront setup to be able to get my signed cookie setup working. I have carefully followed the steps and using a module with NodeJS to handle the cookie generation (https://github.com/jasonsims/aws-cloudfront-sign). With my current setup, cookies are being set for my application located at

beta.my-site.com
, but not appearing in either the request and response cookies when a link on my application accesses a file behind the cloudfront distribution (
files.my-site.com
). This has been frustrating because I feel like I have looked at everything and only have a few clues as to why my setup might not be working.

1) The first thing that stands out is that there isn't a domain name set for the cookies, this might be an issue as cookies should be able to persist through sub-domains as long as the domain remains the same.

2) Is there a way to test my cookies from
curl
to make sure that it doesn't have to do with the cookies I am setting? Unfortunately, due to the strictness of cloudfront and the need for cookies to have the same hostname as the cloudfront distribution configuration, it is not possible to test from
localhost
.

Filenames and keys randomly generated and not real.

Cloudfront distribution configuration:

Distribution Status: Deployed
Alternate Domain Names (CNAMEs): files.my-site.com, beta.my-site.com, *.my-site.com
SSL Certification: *.my-site.com (bjdsofjwpefsd4235)
Domain Name: uhr82459shfngbc.cloudfront.net
Custom SSL Client Support: SNI
Origin Domain Name: files-beta.s3.amazonaws.com
Restrict Bucket Access: Yes
Your Identities: access-identity-files-beta.s3.amazonaws.com
Viewer Protocol Policy: HTTPS Only
Allows HTTP Methods: GET, HEAD
Restrict Viewer Access: Yes
Trusted Signers: Self


Route 53:

beta.my-site.com CNAME server-beta.elasticbeanstalk.com
file.my-site.com A ALIAS uhr82459shfngbc.cloudfront.net


Cookies set in my application (
beta.my-site.com
):


enter image description here

Cookies set when the file is accessed (
files.my-site.com
):

enter image description here

Current code setup:

var express = require('express');
var router = express.Router();
var passport = require('passport');
var crypto = require('crypto');
var moment = require('moment');
var path = require('path');
var fs = require('fs');
var cf = require('aws-cloudfront-sign');
var metaTags = require('./meta-routes');
var cfPK = fs.readFileSync(path.join(__dirname + /config/pk-UHANFBYH54248.pem));

var cfOptions = {
keypairId: 'E5YGBKNfsdfds472',
privateKeyString: cfPK
}

var signedCookies = cf.getSignedCookies('https://files.my-site.com/*', cfOptions);

function isLoggedIn(req, res, next) {
if (req.isAuthenticated())

for(var cookieId in signedCookies) {
res.cookie(cookieId, signedCookies[cookieId]);
}

return next();
res.redirect('/login');
}


Behavior setup:
enter image description here

Answer

The biggest issue has to do with the N/A value in the domain attribute of my Cloudfront Request Cookies. In order to pass the cookies from the parent domain to the subdomain, this attribute needs to have the value of the hostname.