I have a React front end on Netlify and a resource on another domain I want to access. I have several use cases, but one of them is a database on Heroku.
I want to keep secrets, including which remote domains I’m accessing, hidden from the client and I thought I could do it with lambda functions. That is, the app calls lambda, lambda calls remote.
The problem I am having is that the remote domain uses server sessions and needs the application to pass the cookie but I don’t know how to make lambda pass it on. I realise this may be seen as a man-in-the-middle attack and may not be possible but any help is appreciated.
FYI, the process works if I hit the remote domain directly instead of using lambda, but I wanted some extra processing to take place before the data is returned to the application.
Sample code, anonymised, is provided:
App.js (React):

    import axios from "axios";

    const getStuff = () => {
      axios
        .get("./netlify/functions/loadstuff", { withCredentials: true })
        //.then, etc
    };

loadstuff.js:

    const axios = require("axios");

    exports.handler = async function (event, context) {
      try {
        // Call the remote domain from the function
        const response = await axios.get(
          "http://anotherdomain.com/loadstuff",
          { withCredentials: true }
        );
        return {
          statusCode: response.status,
          headers: { "Content-Type": "application/json" },
          body: JSON.stringify(response.data),
        };
      } catch (err) {
        return {
          // err.response is undefined when the remote never replied
          statusCode: err.response ? err.response.status : 502,
          headers: { "Content-Type": "application/json" },
          body: err.toString(),
        };
      }
    };

anotherdomain loadstuff:

    const loadstuff = (request, response) => {
      let result = {
        //a bunch of stuff
      };
      //logic to configure and customise stuff based on caller
      response.status(200).json(result);
    };
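
One way to pass the session cookie through the function in both directions, as an added example that is not part of the original post. The names `makeHandler`, `UPSTREAM_URL` and the injected axios-compatible `httpGet` are assumptions, as is the cookie name `connect.sid` (the express-session default).

```javascript
// Added example, not the poster's code. Assumptions: UPSTREAM_URL env var,
// session cookie named "connect.sid" (express-session default), and an
// axios-compatible `httpGet(url, config)` passed in by the caller.
const SESSION_COOKIE = "connect.sid";

// Header names may arrive in any case; find the one we want.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key ? headers[key] : undefined;
}

// Forward only the session cookie, never the browser's whole cookie jar.
function pickSessionCookie(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .map((c) => c.trim())
    .filter((c) => c.startsWith(SESSION_COOKIE + "="))
    .join("; ");
}

// Drop the upstream's Domain attribute so the browser stores the cookie
// for the function's own origin instead of rejecting it.
function rehostSetCookie(setCookies) {
  return [].concat(setCookies || []).map((sc) =>
    sc.split(";").map((p) => p.trim())
      .filter((p) => !/^domain=/i.test(p))
      .join("; ")
  );
}

function makeHandler(httpGet) {
  return async function handler(event) {
    const cookie = pickSessionCookie(getHeader(event.headers, "cookie"));
    const upstream = await httpGet(process.env.UPSTREAM_URL, {
      headers: cookie ? { Cookie: cookie } : {},
      validateStatus: () => true, // relay upstream errors instead of throwing
    });
    return {
      statusCode: upstream.status,
      headers: { "Content-Type": "application/json" },
      // Set-Cookie can repeat, so it goes in multiValueHeaders
      multiValueHeaders: {
        "Set-Cookie": rehostSetCookie(getHeader(upstream.headers, "set-cookie")),
      },
      body: JSON.stringify(upstream.data),
    };
  };
}
```

In loadstuff.js this would be wired up as `exports.handler = makeHandler(axios.get)`. The upstream URL should be https so the session cookie does not travel in clear text between the function and the remote.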