Closed
104 changes: 85 additions & 19 deletions source/constructs/lib/back-end/back-end-construct.ts
Expand Up @@ -5,12 +5,12 @@ import * as path from "path";
import { LambdaRestApiProps, RestApi } from "aws-cdk-lib/aws-apigateway";
import {
AllowedMethods,
CacheHeaderBehavior,
CachePolicy,
CacheQueryStringBehavior,
CfnCachePolicy,
CfnOriginRequestPolicy,
DistributionProps,
ICachePolicy,
IOrigin,
OriginRequestPolicy,
IOriginRequestPolicy,
OriginSslPolicy,
PriceClass,
ViewerProtocolPolicy,
Expand All @@ -21,11 +21,12 @@ import { Runtime } from "aws-cdk-lib/aws-lambda";
import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
import { LogGroup, RetentionDays } from "aws-cdk-lib/aws-logs";
import { IBucket } from "aws-cdk-lib/aws-s3";
import { ArnFormat, Aws, Duration, Lazy, Stack } from "aws-cdk-lib";
import { ArnFormat, Aws, Duration, Lazy, Resource, Stack } from "aws-cdk-lib";
import { Construct } from "constructs";
import { CloudFrontToApiGatewayToLambda } from "@aws-solutions-constructs/aws-cloudfront-apigateway-lambda";

import { addCfnSuppressRules } from "../../utils/utils";
import { Conditions } from "../common-resources/common-resources-construct";
import { SolutionConstructProps } from "../types";

export interface BackEndProps extends SolutionConstructProps {
Expand All @@ -35,6 +36,7 @@ export interface BackEndProps extends SolutionConstructProps {
readonly logsBucket: IBucket;
readonly uuid: string;
readonly cloudFrontPriceClass: string;
readonly conditions: Conditions;
}

export class BackEnd extends Construct {
Expand Down Expand Up @@ -135,21 +137,9 @@ export class BackEnd extends Construct {
},
]);

const cachePolicy = new CachePolicy(this, "CachePolicy", {
cachePolicyName: `ServerlessImageHandler-${props.uuid}`,
defaultTtl: Duration.days(1),
minTtl: Duration.seconds(1),
maxTtl: Duration.days(365),
enableAcceptEncodingGzip: true,
headerBehavior: CacheHeaderBehavior.allowList("origin", "accept"),
queryStringBehavior: CacheQueryStringBehavior.allowList("signature"),
});
const cachePolicy = new CustomBackEndCachePolicy(this, "CachePolicy", props);

const originRequestPolicy = new OriginRequestPolicy(this, "OriginRequestPolicy", {
originRequestPolicyName: `ServerlessImageHandler-${props.uuid}`,
headerBehavior: CacheHeaderBehavior.allowList("origin", "accept"),
queryStringBehavior: CacheQueryStringBehavior.allowList("signature"),
});
const originRequestPolicy = new CustomBackEndOriginRequestPolicy(this, "OriginRequestPolicy", props);

const apiGatewayRestApi = RestApi.fromRestApiId(
this,
Expand Down Expand Up @@ -215,3 +205,79 @@ export class BackEnd extends Construct {
this.domainName = imageHandlerCloudFrontApiGatewayLambda.cloudFrontWebDistribution.distributionDomainName;
}
}

class CustomBackEndCachePolicy extends Resource implements ICachePolicy {
public readonly cachePolicyId: string;

constructor(scope: Construct, id: string, props: BackEndProps) {
super(scope, id, {
physicalName: `ServerlessImageHandler-${props.uuid}`,
});

const cachePolicy = new CfnCachePolicy(this, "Resource", {
cachePolicyConfig: {
name: `ServerlessImageHandler-${props.uuid}`,
defaultTtl: Duration.days(1).toSeconds(),
minTtl: Duration.seconds(1).toSeconds(),
maxTtl: Duration.days(365).toSeconds(),
parametersInCacheKeyAndForwardedToOrigin: {
enableAcceptEncodingGzip: true,
enableAcceptEncodingBrotli: false,
queryStringsConfig: {
queryStringBehavior: "whitelist",
queryStrings: ["signature"],
},
headersConfig: {
headerBehavior: "whitelist",
},
cookiesConfig: {
cookieBehavior: "none",
},
},
},
});

// https://github.com/aws/aws-cdk/issues/8396#issuecomment-857690411
cachePolicy.addOverride(
"Properties.CachePolicyConfig.ParametersInCacheKeyAndForwardedToOrigin.HeadersConfig.Headers",
{
"Fn::If": [props.conditions.enableAutoWebPCondition.logicalId, ["origin", "accept"], ["origin"]],
}
);

this.cachePolicyId = cachePolicy.ref;
}
}

class CustomBackEndOriginRequestPolicy extends Resource implements IOriginRequestPolicy {
public readonly originRequestPolicyId: string;

constructor(scope: Construct, id: string, props: BackEndProps) {
super(scope, id, {
physicalName: `ServerlessImageHandler-${props.uuid}`,
});

const originRequestPolicy = new CfnOriginRequestPolicy(this, "Resource", {
originRequestPolicyConfig: {
name: `ServerlessImageHandler-${props.uuid}`,
headersConfig: {
headerBehavior: "whitelist",
},
queryStringsConfig: {
queryStringBehavior: "whitelist",
queryStrings: ["signature"],
},
cookiesConfig: {
cookieBehavior: "none",
},
},
});

// https://github.com/aws/aws-cdk/issues/8396#issuecomment-857690411
originRequestPolicy.addOverride("Properties.OriginRequestPolicyConfig.HeadersConfig.Headers", {
"Fn::If": [props.conditions.enableAutoWebPCondition.logicalId, ["origin", "accept"], ["origin"]],
});

this.originRequestPolicyId = originRequestPolicy.ref;
}
}
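Review bot: The `Fn::If` header list is spelled out twice, in the `addOverride` call of `CustomBackEndCachePolicy` and again in `CustomBackEndOriginRequestPolicy`, and nothing keeps the two in step. They have to match: if a later edit forwards `accept` to the origin without also keying the cache on it, a WebP response negotiated for one viewer could be cached and served to a viewer that never advertised WebP support. I would build the expression once, e.g. `const headers = { "Fn::If": [props.conditions.enableAutoWebPCondition.logicalId, ["origin", "accept"], ["origin"]] };` in a small shared helper, and pass it to both overrides. Both constructors also leave `headersConfig` with `headerBehavior: "whitelist"` and no `headers` until the string-path override fills it in, so a short comment such as `// Headers is set below via addOverride (conditional on AutoWebP)` would tell the next reader that the omission is deliberate and that the snapshot test is what guards the override path.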
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ export interface Conditions {
readonly enableSignatureCondition: CfnCondition;
readonly enableDefaultFallbackImageCondition: CfnCondition;
readonly enableCorsCondition: CfnCondition;
readonly enableAutoWebPCondition: CfnCondition;
}

export interface AppRegistryApplicationProps {
Expand Down Expand Up @@ -55,6 +56,9 @@ export class CommonResources extends Construct {
enableCorsCondition: new CfnCondition(this, "EnableCorsCondition", {
expression: Fn.conditionEquals(props.corsEnabled, "Yes"),
}),
enableAutoWebPCondition: new CfnCondition(this, "EnableAutoWebPCondition", {
expression: Fn.conditionEquals(props.autoWebP, "Yes"),
}),
};

this.secretsManagerPolicy = new Policy(this, "SecretsManagerPolicy", {
1 change: 1 addition & 0 deletions source/constructs/lib/serverless-image-stack.ts
Expand Up @@ -177,6 +177,7 @@ export class ServerlessImageHandlerStack extends Stack {
logsBucket: commonResources.logsBucket,
uuid: commonResources.customResources.uuid,
cloudFrontPriceClass: cloudFrontPriceClassParameter.valueAsString,
conditions: commonResources.conditions,
...solutionConstructProps,
});

40 changes: 32 additions & 8 deletions source/constructs/test/__snapshots__/constructs.test.ts.snap
Expand Up @@ -11,6 +11,14 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
"Yes",
],
},
"CommonResourcesEnableAutoWebPCondition68405A08": {
"Fn::Equals": [
{
"Ref": "AutoWebPParameter",
},
"Yes",
],
},
"CommonResourcesEnableCorsConditionA0615348": {
"Fn::Equals": [
{
Expand Down Expand Up @@ -398,10 +406,18 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
"EnableAcceptEncodingGzip": true,
"HeadersConfig": {
"HeaderBehavior": "whitelist",
"Headers": [
"origin",
"accept",
],
"Headers": {
"Fn::If": [
"CommonResourcesEnableAutoWebPCondition68405A08",
[
"origin",
"accept",
],
[
"origin",
],
],
},
},
"QueryStringsConfig": {
"QueryStringBehavior": "whitelist",
Expand Down Expand Up @@ -1254,10 +1270,18 @@ exports[`Serverless Image Handler Stack Snapshot 1`] = `
},
"HeadersConfig": {
"HeaderBehavior": "whitelist",
"Headers": [
"origin",
"accept",
],
"Headers": {
"Fn::If": [
"CommonResourcesEnableAutoWebPCondition68405A08",
[
"origin",
"accept",
],
[
"origin",
],
],
},
},
"Name": {
"Fn::Join": [