Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are Get request with body allowed on AWS? 403 error from CloudFront

I published an api to AWS with Visual Studio and using the template for AWS Serverless application project, for now I am testing the methods with postman, but all get methods that require a body are returning an error that mentions cloudfront in the response, I do not know if the issue is related to cloudfront or if it is the AWS HTTP 1.1 specification implementation that does not allow get requests with body:

Note:Get requests with body were a requirement from our client

RFC 7231 HTTP/1.1 specification says the following: A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.

    <HEAD>
        <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
        <TITLE>ERROR: The request could not be satisfied</TITLE>
    </HEAD>
    <BODY>
        <H1>403 ERROR</H1>
        <H2>The request could not be satisfied.</H2>
        <HR noshade size="1px">
Bad request.


        <BR clear="all">
        <HR noshade size="1px">
        <PRE>
Generated by cloudfront (CloudFront)
Request ID:
</PRE>
        <ADDRESS></ADDRESS>
    </BODY>
</HTML>

so my questions are:

  1. are get request with body allowed in AWS?
  2. How AWS deals with get request with body?
  3. is there a way to make work get requests with body on AWS?

I saw almost the same question here:AWS GET request with body rejected by CloudFront

and they point to this document: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-lambda-non-proxy-integration.html that says if you send a get request with body it returns a 400 error, but the error I am getting is 403 error

so could you clarify a little bit more? or could you point to an amazon document that mentions the restrictions on get requests?

Many Thanks

like image 218
Enrique O. G. Avatar asked Dec 03 '22 18:12

Enrique O. G.


1 Answers

GET request with Body is not allowed on CloudFront, You will get 403 if you send body, though RFC does not specifically say that you should reject GET with body but CloudFront doesn't allow that. The best option to pass body in GET request is by query string(Maximum length of a request, including headers and query strings 20,480 bytes).

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html

GET Requests That Include a Body If a viewer GET request includes a body, CloudFront returns an HTTP status code 403 (Forbidden) to the viewer.

like image 60
James Dean Avatar answered Dec 09 '22 16:12

James Dean