How to access Amazon images with https (AWSECommerceService) - amazon-web-services

For each product on my website I have a page that promotes a few books from Amazon. I get the books using a query to AWSECommerceService from my web server. The XML I receive from Amazon contains a list of books with information such as title, price, image-url, etc. I use that info to generate my website page.
The image URLs provided by Amazon are all HTTP, while I need to publish them using the HTTPS protocol in order to avoid warnings for the page visitors at the browser level. Just replacing HTTP with HTTPS doesn't work.
Example:
http://ecx.images-amazon.com/images/I/51tD0SDNMeL.SX166.jpg => OK
https://ecx.images-amazon.com/images/I/51tD0SDNMeL.SX166.jpg => ERR_CERT_COMMON_NAME_INVALID
Any suggestion?

I just found out that the same images can be accessed via HTTPS on a different amazon.com sub-domain:
Replacing 'http://ecx.images-amazon.com' with 'https://images-na.ssl-images-amazon.com' will generate a perfectly working URL.
The image in the example in my question can be successfully accessed via https at the following URL:
https://images-na.ssl-images-amazon.com/images/I/51tD0SDNMeL.SX166.jpg

Related

AWS CloudFront + Lambda@Edge "The JSON output is not parsable"

I have a Lambda function (a packaged next.js app) which I'm trying to access via CloudFront. The web app works unless I try to hit the homepage.
When I hit /search or /video/{videoId} the page loads just fine.
When I try to hit the homepage, I get the following error page:
502 ERROR
The request could not be satisfied.
The Lambda function returned invalid JSON: The JSON output is not parsable. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Request ID: {id}
Why would just the homepage be invalid JSON? Where can I see this JSON to determine what is wrong? I created a mock Cloudfront request test in the Lambda function and it just returns successfully.
The problem was due to the 1 MB size limit of CloudFront Lambda@Edge responses. I didn't realize that Next.js's server-side rendering was creating a large <script id="__NEXT_DATA__"> tag on my homepage with all the fetched info from my API duplicated multiple times over. This resulted in my app's homepage being >2 MB.
I refactored my app to only send one network request, and made sure that data is only put into the __NEXT_DATA__ tag once. The app now works.
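A way to check a rendered page against the limit described in the answer above, as an added example that is not part of the original post: it measures the HTML body, the size of the `__NEXT_DATA__` payload, and which large subtrees of that payload appear more than once. The function names, the 1024-byte reporting threshold and the sample page are assumptions made for the illustration.

```javascript
// Added example: size audit for a server-rendered page before it is returned
// through Lambda@Edge. All function names here are illustrative.
const LIMIT_BYTES = 1024 * 1024; // the "1 MB" from the answer; exact byte count assumed
const bytes = (s) => Buffer.byteLength(s, 'utf8');

// Pull the JSON text out of <script id="__NEXT_DATA__" ...>...</script>.
function extractNextData(html) {
  const m = html.match(/<script\b[^>]*\bid="__NEXT_DATA__"[^>]*>([\s\S]*?)<\/script>/);
  return m ? m[1] : null;
}

// Index every object/array of at least minBytes by its serialized form, so one
// API payload embedded under several keys is reported with all of its paths.
function collectSubtrees(value, minBytes, seen = new Map(), path = '$') {
  if (value === null || typeof value !== 'object') return seen;
  const json = JSON.stringify(value);
  if (bytes(json) < minBytes) return seen; // children can only be smaller
  const entry = seen.get(json) || { bytes: bytes(json), paths: [] };
  entry.paths.push(path);
  seen.set(json, entry);
  if (entry.paths.length === 1) { // descend on first sight only
    for (const [k, v] of Object.entries(value)) {
      collectSubtrees(v, minBytes, seen, `${path}.${k}`);
    }
  }
  return seen;
}

function auditRenderedPage(html, { limit = LIMIT_BYTES, minBytes = 1024 } = {}) {
  const raw = extractNextData(html);
  const subtrees = raw ? [...collectSubtrees(JSON.parse(raw), minBytes).values()] : [];
  return {
    bodyBytes: bytes(html),
    nextDataBytes: raw ? bytes(raw) : 0,
    overLimit: bytes(html) > limit,
    duplicates: subtrees.filter((e) => e.paths.length > 1),
  };
}

// Constructed sample: the same list embedded twice in __NEXT_DATA__.
function samplePage(itemCount) {
  const videos = Array.from({ length: itemCount }, (_, i) => ({ id: i, title: 'x'.repeat(100) }));
  const data = { props: { pageProps: { featured: videos, sidebar: videos } } };
  return `<html><body><script id="__NEXT_DATA__" type="application/json">${JSON.stringify(data)}</script></body></html>`;
}

const report = auditRenderedPage(samplePage(9000));
console.log(report.bodyBytes, report.overLimit, report.duplicates.map((d) => d.paths));
```

Running the audit on the rendered HTML in a build or test step surfaces an oversized homepage before CloudFront turns it into a 502.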

How can I only allow a specific origin to access content from Cloudfront/S3 Origins when requested via iFrame?

Here is an image of the general idea I want to accomplish
I have a react application that is hosted as a Zendesk app via an iFrame from subdomain.zendesk.com, the iFrame fetches the content from Cloudfront / S3 (using S3 Origins) and displays it within the Zendesk UI.
I'm trying to secure it and want to restrict access to the content to a specific origin (subdomain.zendesk.com for example) so that if anyone was to view the Cloudfront distribution directly (by navigating to xxxx.cloudfront.net) it would reject the request.
How can this be achieved? I have tried using AWS WAF and creating a rule that looks at the request origin header and matches it against the subdomain URL (example origin: subdomain.zendesk.com), but that doesn't work, so I think I'm barking up the wrong tree using that.
I have also tried creating a custom origin request policy on the distribution's behaviour, but again that didn't yield any results.
Zendesk does offer signed URL functionality where the initial request becomes a POST request to the server that contains a JWT as form data in the request payload. I read that it might be possible to use Lambda@Edge to accomplish this. I tried to implement this but I have not had any luck so far.
Any tips, examples or outlines as to what I am misunderstanding about these services would be very much appreciated.
In order to get better support from the community, share the specific use cases in your question and share in detail what you tried and what the errors are.
There are various ways to achieve what you mentioned in the picture:
Create multiple CloudFront distributions for each domain; they can have either the same or unique origins as per the need.
Instead of domains, redirect traffic using "paths" or "routes", e.g. same-domain.com/path1, same-domain.com/path2, etc.
Use Lambda@Edge and redirect the traffic based on domains.
You can't have redirection (the Behaviours functionality of CloudFront) using multiple domains.

Invoking a Lambda through API-Gateway giving 403 response?

I am using AWS CodeStar to deploy my React application using the serverless Node.js template. This is the URL that is given by CodeStar after successful completion of all the stages: https://xxxxx.execute-api.us-east-1.amazonaws.com/Prod. This URL displayed all the components in my app correctly. In the navbar of my app I have items like a, b, c, where clicking on each one of them will redirect to a new component (i.e. https://xxxxx.execute-api.us-east-1.amazonaws.com/a, https://xxxxx.execute-api.us-east-1.amazonaws.com/b, etc.). But when I refresh a page which has a URL like https://xxxxx.execute-api.us-east-1.amazonaws.com/b, I get an error like {"message":"Forbidden"}, and my console shows this: favicon.ico:1 GET https://xxxx.execute-api.us-east-1.amazonaws.com/favicon.ico 403
It seems Chrome is fetching the favicon based on the https link, which fails because there is no such favicon at that location. I tried to remove the favicon.ico link in index.html, but even then Chrome is using the same URL to fetch the favicon, which eventually fails. I followed the maximum number of suggestions on SO to achieve this, but no luck. Is there any way to tell API Gateway to exclude these favicon GET requests and display my app rather than showing the Forbidden message?
And I am pretty sure that I had enabled logs for both the API Gateway and Lambda, where I didn't find any forbidden errors (i.e. 403), which is weird because I can see those 403 errors in my console.
Thanks
Any help is highly appreciated.
The https://xxxxx.execute-api.us-east-1.amazonaws.com/Prod url provided by API Gateway is the base url for your site, so those paths would have to be /Prod/a instead of /a.
One way to get around that is to register your own domain and connect it to API Gateway via a custom domain. That would allow you to have https://example.com as your base url, and your paths could stay /a, /b, etc.

Loading http content on https domain

We have created a website which is served right now on Heroku. This website has a search bar in the navbar and I wanted to use the Freefind search service for the backend. The search results I receive from it are all over the HTTP server and the Heroku server will not load them.
I want them to work fine just as they work on localhost. What can I do?
The app is Django based and I tried to google custom search but it didn't work for me.
You can't load most HTTP content on HTTPS domains. Loading HTTP images is fine, but is still discouraged. This is called mixed content blocking, which is a browser feature.
The only thing you can do is to find out if freefind's search service supports HTTPS. You can try changing the URL to https://search.freefind.com/... and see if it works. Or contact freefind and ask them if they support HTTPS. If they don't support HTTPS, you have to find a different company's search service.
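The mixed-content handling discussed in this answer and in the Amazon images answer at the top of the page, as an added example that is not from either post: it upgrades `http://` subresources whose host has a known HTTPS equivalent and reports the rest as active or passive mixed content. The function names and the sample fragment are constructed for the illustration; the only host mapping is the one given in the Amazon answer.

```javascript
// Added example: upgrade or flag http:// subresources in HTML that will be
// served over HTTPS. Names are illustrative, not from the original posts.

// Hosts with a known HTTPS equivalent. The single entry is the mapping given in
// the Amazon images answer; extend it only with hosts verified to serve HTTPS.
const HTTPS_HOST_MAP = new Map([
  ['ecx.images-amazon.com', 'images-na.ssl-images-amazon.com'],
]);
// Scripts and frames are active mixed content that browsers block; images are
// the passive case the answer describes as loadable but discouraged.
const ACTIVE_TAGS = new Set(['script', 'iframe']);

function upgradeUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return null; } // relative or malformed
  if (url.protocol !== 'http:') return null;
  const target = HTTPS_HOST_MAP.get(url.hostname); // exact host, not a string prefix
  if (!target) return null;
  url.protocol = 'https:';
  url.hostname = target;
  return url.toString();
}

// Regex scan for brevity: handles double-quoted src attributes only.
function auditFragment(html) {
  const findings = [];
  const fixed = html.replace(
    /<(img|script|iframe)\b([^>]*?\s)src="(http:\/\/[^"]*)"/gi,
    (whole, tag, mid, raw) => {
      const upgraded = upgradeUrl(raw);
      if (upgraded) return `<${tag}${mid}src="${upgraded}"`;
      const kind = ACTIVE_TAGS.has(tag.toLowerCase()) ? 'active' : 'passive';
      findings.push({ tag: tag.toLowerCase(), url: raw, kind });
      return whole;
    });
  return { html: fixed, findings };
}

// Constructed sample; search.example.invalid stands in for an HTTP-only service.
const SAMPLE = [
  '<img alt="cover" src="http://ecx.images-amazon.com/images/I/51tD0SDNMeL.SX166.jpg">',
  '<iframe src="http://search.example.invalid/results?q=books"></iframe>',
  '<img src="http://ecx.images-amazon.com.invalid/a.jpg">',
].join('\n');
console.log(auditFragment(SAMPLE));
```

Anything left in `findings` has no known HTTPS equivalent and needs the provider check the answer describes.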

ARR/IIS 502 Errors When Returning JSON

Here's our current setup: (assume everything is using https)
Web Services server running a simple ASP.NET Web API 2 application that returns only JSON. (api.example.com/controller/blah)
Primary web server that's going to contain scripts that use AJAX to access resources through our Web Services.
My end goal is to not have to deal with CORS because IE is being problematic. (I've tried several jQuery plugins to resolve problems with XDomainRequest, on top of our domain security settings causing IE to deny the requests anyways... it's just a mess.)
Route requests from www.example.com/api/* to api.example.com/* and return the JSON response.
However, when I've attempted to set this up with IIS + URL Rewrite + Application Request Routing (ARR) I get the following message when attempting to load up my url:
502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be
displayed. When the Web server (while acting as a gateway or proxy)
contacted the upstream content server, it received an invalid response
from the content server.
My setup in IIS is the following:
In ARR, I just ticked the Enable proxy option.
In URL Rewrite, I set up a rule with:
Match URL Pattern = api/* (Using wildcards)
Action type = Rewrite
Rewrite URL = api.example.com/{R:1}
I've made sure I can access the web services and data is returned correctly from the context of my web server. I've made sure the actual URL Rewrite rule is being triggered and forwarding the request correctly... but after that, I'm stuck. Any ideas?