Recently I mounted a Symfony project on AWS, I used EC2(Docker + Nginx), a Load Balancer, and Cloudfront as the infraestructure. Now, If i access the login page from the Load Balancer URL, it allows me to sign in without a problem, and I can see that there is a Cookie on the navigator
But if I try to do the same from the Cloudfront URL, it just throws a 401, and there is no cookie, as if it didn't try to login on the first place.
On my Cloudfront distribution, I configured it to allow POST methods, and also added an origin request policy to whitelist Host, but I don't know if I should have configured something else, also checking the requests, I see that the Clodfront one has a few more response headers, one of them saying X-Cache: Error from cloudfront but I'm not sure if this might be related.
Does anyone knows what might be happening?
Ok, after trying a few things, I found the problem:
Symfony returns a Cookie when you use the default login controller, and Cloudfront's base cache policy does not support Cookies(From what I understood), so you need to create a new Cache policy(Distributions -> Select the CF distribution -> behaviour -> In cache policies, click on create new policy -> Configure the policy and save -> Return to the behaviours view, reload the list of policies, and choose the one that just created -> Save), that allows cookies.
In my case I created one that whitelist Authorization headers, and allow all cookies, this way the login started to work correctly.