- Newest
- Most votes
- Most comments
For custom origins CloudFront will forward the Authorization header in some instances if you do not have CloudFront configured to cache based on header values. This would be the case if you're using the Managed-CachingDisabled cache policy. This behavior changes based on the request type as follows:
-
GET and HEAD requests – CloudFront removes the Authorization header field before forwarding the request to your origin.
-
OPTIONS requests – CloudFront removes the Authorization header field before forwarding the request to your origin if you configure CloudFront to cache responses to OPTIONS requests. CloudFront forwards the Authorization header field to your origin if you do not configure CloudFront to cache responses to OPTIONS requests.
-
DELETE, PATCH, POST, and PUT requests – CloudFront does not remove the header field before forwarding the request to your origin.
See the section "HTTP request headers and CloudFront behavior (custom and Amazon S3 origins)" from [1] for a table of request headers and corresponding CloudFront behaviors.
Relevant content
- Accepted Answerasked 5 months ago
- Accepted Answerasked 2 years ago
- asked 8 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 months ago