I've an static application running on CloudFront hosted by S3, and I'm trying to receive user country in my API running on EC2, without success.
CloudFront configuration:
S3 CORS configuration:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedOrigin>http://*</AllowedOrigin>
<AllowedOrigin>https://*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
<AllowedHeader>CloudFront-*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Preflight (OPTIONS) result from my API:
Access-Control-Allow-Credentials → true
Access-Control-Allow-Headers → Content-Type, User-Agent, Origin, Authorization, CloudFront-Viewer-Country
Access-Control-Allow-Methods → GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin → *
Access-Control-Expose-Headers → Authorization
Access-Control-Max-Age → 45537
Access-Control-Request-Headers → Content-Type, User-Agent, Origin, Authorization, CloudFront-Viewer-Country
I need to receive this header (CloudFront-Viewer-Country) into requests on my API for security purpose, but I'm not receiving it actually.
Received requests on EC2:
OPTIONS
{
"method": "OPTIONS",
"path": "/languages/translate",
"headers": {
"request": {
"host": "xxxxxxxxx.us-west-2.elb.amazonaws.com",
"accept": "*/*",
"accept-encoding": "gzip, deflate, sdch",
"accept-language": "en-US,en;q=0.8,pt;q=0.6,pt-BR;q=0.4",
"access-control-request-headers": "accept, accept-language, authorization",
"access-control-request-method": "GET",
"cache-control": "no-cache",
"origin": "http://xxxxxxxxxxxx.cloudfront.net",
"pragma": "no-cache",
"referer": "http://xxxxxxxxx.cloudfront.net/",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
"via": "1.1 (squid/3.4.10)",
"x-forwarded-for": "192.168.8.68, XXX.XXX.XXX.XX",
"x-forwarded-port": "80",
"x-forwarded-proto": "http",
"connection": "keep-alive"
},
"response": {
"X-Content-Type-Options": "nosniff",
"X-XSS-Protection": "1; mode=block",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Pragma": "no-cache",
"Expires": "0",
"X-Frame-Options": "DENY",
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Methods": "POST",
"Access-Control-Allow-Methods": "PUT",
"Access-Control-Allow-Methods": "DELETE",
"Access-Control-Allow-Methods": "OPTIONS",
"Access-Control-Max-Age": "61032",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Headers": "Content-Type",
"Access-Control-Allow-Headers": "User-Agent",
"Access-Control-Allow-Headers": "Origin",
"Access-Control-Allow-Headers": "Authorization",
"Access-Control-Allow-Headers": "CloudFront-Viewer-Country",
"Access-Control-Request-Headers": "Content-Type",
"Access-Control-Request-Headers": "User-Agent",
"Access-Control-Request-Headers": "Origin",
"Access-Control-Request-Headers": "Authorization",
"Access-Control-Request-Headers": "CloudFront-Viewer-Country",
"Access-Control-Expose-Headers": "Authorization",
"Authorization": "Bearer XXXXXXXXXXXX",
"X-Application-Context": "application",
"Allow": "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH",
"status": "200"
}
}
}
GET
{
"method": "GET",
"path": "/languages/translate",
"headers": {
"request": {
"host": "xxxxxxxxxxx.us-west-2.elb.amazonaws.com",
"accept": "application/json, text/plain, */*",
"accept-encoding": "gzip, deflate, sdch",
"accept-language": "1",
"authorization": "Bearer XXXXXXXXXX",
"cache-control": "no-cache",
"origin": "http://xxxxxxxxx.cloudfront.net",
"pragma": "no-cache",
"referer": "http://xxxxxxxxxxx.cloudfront.net/",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36",
"via": "1.1 (squid/3.4.10)",
"x-forwarded-for": "192.168.8.68, XXX.XXX.XXX.XX",
"x-forwarded-port": "80",
"x-forwarded-proto": "http",
"connection": "keep-alive"
}
}
}