Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are Get request with body allowed on AWS? 403 error from CloudFront

Tags:

http

amazon-web-services

api

amazon-cloudfront

aws-sdk

I published an api to AWS with Visual Studio and using the template for AWS Serverless application project, for now I am testing the methods with postman, but all get methods that require a body are returning an error that mentions cloudfront in the response, I do not know if the issue is related to cloudfront or if it is the AWS HTTP 1.1 specification implementation that does not allow get requests with body:

Note:Get requests with body were a requirement from our client

RFC 7231 HTTP/1.1 specification says the following: A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.

    <HEAD>
        <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
        <TITLE>ERROR: The request could not be satisfied</TITLE>
    </HEAD>
    <BODY>
        <H1>403 ERROR</H1>
        <H2>The request could not be satisfied.</H2>
        <HR noshade size="1px">
Bad request.


        <BR clear="all">
        <HR noshade size="1px">
        <PRE>
Generated by cloudfront (CloudFront)
Request ID:
</PRE>
        <ADDRESS></ADDRESS>
    </BODY>
</HTML>

so my questions are:

  1. are get request with body allowed in AWS?
  2. How AWS deals with get request with body?
  3. is there a way to make work get requests with body on AWS?

I saw almost the same question here:AWS GET request with body rejected by CloudFront

and they point to this document: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-lambda-non-proxy-integration.html that says if you send a get request with body it returns a 400 error, but the error I am getting is 403 error

so could you clarify a little bit more? or could you point to an amazon document that mentions the restrictions on get requests?

Many Thanks

like image 218
Enrique O. G. Avatar asked Dec 03 '22 18:12

Enrique O. G.

1 Answers

GET request with Body is not allowed on CloudFront, You will get 403 if you send body, though RFC does not specifically say that you should reject GET with body but CloudFront doesn't allow that. The best option to pass body in GET request is by query string(Maximum length of a request, including headers and query strings 20,480 bytes).

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html

GET Requests That Include a Body If a viewer GET request includes a body, CloudFront returns an HTTP status code 403 (Forbidden) to the viewer.

like image 60
James Dean Avatar answered Dec 09 '22 16:12

James Dean
Sign in to Comment

Related questions

How to handle cloudfront cache after deployment
Invalid domain name identifier specified
Unable to access amazon RDS mysql instance from lightsail instance
Test connection latency between Amazon RDS instance and external server
Redirecting Puppeteer screenshot to S3
AWS S3 uploaded files not showing
aws-cli not found on macOS
AWS SNS error - Invalid parameter while publishing message using aws-cli
Can't install docker on amazon linux instance
When does SNS retry a message to Lambda, and can I force it?
How to increase _cluster/settings/cluster.max_shards_per_node for AWS Elasticsearch Service
how can i create a load balancer in AWS using the AWS java sdk
How to run a Jar in Amazon EC2?
Read replicas in RDS AWS
Error related to AWS Sqs Queue in Laravel
Cloudformation nested stack outputs in yaml
Update cloudfront configuration using awscli
S3 bucket policy: allow full access to a bucket and all its objects
Access denied on AWS s3 bucket even with bucket and/or user policy
Node JS + AWS Promise Triggered Twice

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!