CodeDump
cphill cphill - 8 months ago 71
Node.js Question

CloudFront Debugging Missing Cookie Value

I have had a difficult time determining what needs to be done with my CloudFront setup to be able to get my signed cookie setup working. I have carefully followed the steps and using a module with NodeJS to handle the cookie generation (https://github.com/jasonsims/aws-cloudfront-sign). With my current setup, cookies are being set for my application located at

beta.my-site.com
, but not appearing in either the request and response cookies when a link on my application accesses a file behind the cloudfront distribution (
files.my-site.com
). This has been frustrating because I feel like I have looked at everything and only have a few clues as to why my setup might not be working.

1) The first thing that stands out is that there isn't a domain name set for the cookies, this might be an issue as cookies should be able to persist through sub-domains as long as the domain remains the same.

2) Is there a way to test my cookies from
curl
to make sure that it doesn't have to do with the cookies I am setting? Unfortunately, due to the strictness of cloudfront and the need for cookies to have the same hostname as the cloudfront distribution configuration, it is not possible to test from
localhost
.

Filenames and keys randomly generated and not real.

Cloudfront distribution configuration:

Distribution Status: Deployed

Alternate Domain Names (CNAMEs): files.my-site.com, beta.my-site.com, *.my-site.com

SSL Certification: *.my-site.com (bjdsofjwpefsd4235)

Domain Name: uhr82459shfngbc.cloudfront.net

Custom SSL Client Support: SNI

Origin Domain Name: files-beta.s3.amazonaws.com

Restrict Bucket Access: Yes

Your Identities: access-identity-files-beta.s3.amazonaws.com

Viewer Protocol Policy: HTTPS Only

Allows HTTP Methods: GET, HEAD

Restrict Viewer Access: Yes

Trusted Signers: Self


Route 53:

beta.my-site.com CNAME server-beta.elasticbeanstalk.com

file.my-site.com A ALIAS uhr82459shfngbc.cloudfront.net


Cookies set in my application (
beta.my-site.com
):

enter image description here

Cookies set when the file is accessed (
files.my-site.com
):
enter image description here

Current code setup:

var express = require('express');

var router  = express.Router();

var passport = require('passport');

var crypto = require('crypto');

var moment = require('moment');

var path = require('path');

var fs = require('fs');

var cf = require('aws-cloudfront-sign');

var metaTags = require('./meta-routes');

var cfPK = fs.readFileSync(path.join(__dirname + /config/pk-UHANFBYH54248.pem));



var cfOptions = {

    keypairId: 'E5YGBKNfsdfds472',

    privateKeyString: cfPK

}



var signedCookies = cf.getSignedCookies('https://files.my-site.com/*', cfOptions);



function isLoggedIn(req, res, next) {

    if (req.isAuthenticated())



        for(var cookieId in signedCookies) {

            res.cookie(cookieId, signedCookies[cookieId]);

        }



        return next();

    res.redirect('/login');

}


Behavior setup:
enter image description here

cphill cphill
Answer

The biggest issue has to do with the N/A value in the domain attribute of my Cloudfront Request Cookies. In order to pass the cookies from the parent domain to the subdomain, this attribute needs to have the value of the hostname.

Source (Stackoverflow)

http://stackoverflow.com/questions/40098514/cloudfront-debugging-missing-cookie-value

Sign up

Sign up with GitHub