
How to make Serverless return 404 instead of 403 for non-existing endpoints?

I tried the Serverless framework following the instructions to create the Hello World application. Everything works well; calling [url]/dev/hello-world returns a 200 response with the JSON output as expected.

By default, it looks like the response for non-existing endpoints is a 403 HTTP status code with the JSON {"message":"Missing Authentication Token"}.

I'd like to host a website using the framework. Is there any way to make Serverless return 404 instead of 403 for non-existing endpoints?

Eduardo asked Sep 11 '17 17:09


1 Answer

Returning a 403 instead of 404 is a deliberate design decision.

This is a pattern that is used in many other AWS APIs (most notably S3). In S3, if the user would have had permissions to see the presence of the key (via the ListBucket permission), a 404 will be returned; otherwise a 403 will be returned. Because API Gateway enables permissions at the method level, we can't know whether or not the user should be permitted to have knowledge of the existence of the API resource level, and default to the 403 as a result.

You can elect to catch all missing API methods using a {proxy+} pattern.

events:
  - http:
      # quoted: a bare {proxy+} would be parsed by YAML as a flow mapping, not a string
      path: '{proxy+}' # catch any path not specified elsewhere
      method: get      # or change to any method if you prefer
Trent Bartlem answered Oct 30 '22 07:10
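A handler that the {proxy+} catch-all route could invoke, as an added example that is not part of the original answer. It assumes a Node.js runtime and the API Gateway REST API Lambda proxy event format; the names `notFound`, `buildResponse` and `buildLogRecord` are hypothetical, and the function would be wired up with something like `handler: handler.notFound`. It returns a fixed 404 body that never echoes the requested path and writes one structured log line per miss, so repeated probing of unknown routes is visible in the logs.

```javascript
'use strict';

// Added example: Lambda handler behind the {proxy+} catch-all route.
// Assumes the REST API Lambda proxy event (event.path, event.httpMethod,
// event.requestContext.identity.sourceIp). All function names are hypothetical.

const MAX_LOGGED_LENGTH = 256;

// Cap length and replace control characters so log records stay small
// and render cleanly in log viewers.
function sanitizeForLog(value) {
  return String(value || '')
    .replace(/[\u0000-\u001f\u007f]/g, '?')
    .slice(0, MAX_LOGGED_LENGTH);
}

// One structured record per unmatched request, suitable for alerting on
// many misses from one source IP.
function buildLogRecord(event) {
  const ctx = (event && event.requestContext) || {};
  const identity = ctx.identity || {};
  return {
    type: 'unmatched_route',
    method: sanitizeForLog(event && event.httpMethod),
    path: sanitizeForLog(event && event.path),
    sourceIp: sanitizeForLog(identity.sourceIp),
    requestId: sanitizeForLog(ctx.requestId),
  };
}

// Fixed response: identical for every unmatched path, nothing reflected.
function buildResponse() {
  return {
    statusCode: 404,
    headers: {
      'Content-Type': 'application/json',
      'Cache-Control': 'no-store',
      'X-Content-Type-Options': 'nosniff',
    },
    body: JSON.stringify({ message: 'Not Found' }),
  };
}

async function notFound(event) {
  console.log(JSON.stringify(buildLogRecord(event)));
  return buildResponse();
}

if (typeof module !== 'undefined' && module.exports) {
  module.exports = { notFound, buildResponse, buildLogRecord };
}
```

With `method: get` only GET requests reach this handler; other methods on unknown paths still receive API Gateway's default 403 unless the route is declared with `method: any`.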