Thank you @hillary! I really appreciate the help!
The only x-nf value I’m seeing in the response header in my dev tools is ‘x-nf-request-Id’
That aside, the reason I’m doing an internal proxy is to add a jws signature to protect my endpoint from being available outside my own site, as explained in this post. My plan was to verify the jws in my function and return an unauthorized response if the signature could not be validated using the secret in the environment variable. Here’s the sample code from my handler:
const jwsValue = event.headers['X-Nf-Sign'];
if (!jwsValue) {
return {
statusCode: 401,
body: 'Unauthorized',
};
}
const secret = process.env.API_SIGNATURE_TOKEN;
const verified = jws.verify(jwsValue, 'HS256', secret);
console.log('verified ', verified);
if (!verified)
return {
statusCode: 401,
body: 'Unauthorized - Invalid Signature',
};
Am I missing somewhere other than the “context” and “event” variables passed to the Netlify function that I can view the header? Any other suggestions? Thanks again!