X-nf-sign header missing

I am trying to set up some traffic to proxy through to my backend API in AWS.

I have set up the following proxy rule:
https://lifedatabase.netlify.app/api/echo -> http://lifedatabase-822610598.us-west-2.elb.amazonaws.com/echo

Using the following redirect configuration:

[[redirects]]
  from = "/api/*"
  to = "http://lifedatabase-822610598.us-west-2.elb.amazonaws.com/:splat"
  status = 200
  force = true # COMMENT: ensure that we always redirect
  signed = "API_SIGNATURE_TOKEN_PLACEHOLDER"

My backend server gets many x-nf-* headers but doesn’t seem to get the x-nf-sign header as documented here: Rewrites and proxies | Netlify Docs

Visiting this url: https://lifedatabase.netlify.app/api/echo will return the headers received.

I understand I still need to replace the token placeholder but I think this should work as is.

Hi @adbrowne,

What happens when you add that variable and try?

I’d assume that since the variable returns undefined, there’s an error in signing the token which is why it might fail.

I have the same issue on my site evavolfova-cz.netlify.app. I have netlify.toml like this:

[build.environment]
YARN_VERSION = "1.22.17"
NPM_VERSION = "8.5.0"
NODE_VERSION = "16.14.0"
NODE_ENV = "production"

[build]
publish = "build"
command = "sed -i s/%MANAGE_ASSETS_SIGN_KEY%/${MANAGE_ASSETS_SIGN_KEY}/g netlify.toml && yarn build"

# ... some [[headers]] rules omitted

[[redirects]]
from = "/api/manage-assets"
to = "https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets"
status = 200
force = true
signed = "%MANAGE_ASSETS_SIGN_KEY%"
conditions = {Role = ["content-creator"]}

[[redirects]]
from = "/*"
to = "/some/path" # the only non-prerendered path
status = 404

The url https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets currently just echoes whatever headers it gets.

When I hit /api/manage-assets without authentication (or without the role content-creator), I get the 404 page - that is probably expectable. When I do curl -H "Cookie: nf_jwt=<token>" https://evavolfova-cz.netlify.app/api/manage-assets, I get the response from my cloud function with many x-nf- headers, but x-nf-sign isn’t among them.

EDIT: Also note that authenticating with the header Authorization: Bearer <token>, just like NetlifyCMS does, doesn’t work - I get the 404 page in response.

Hi @mvolfik,

Would it be possible for you to recreate the testing environment? Visiting https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets we’re reaching a 404. If you could set it so we could reproduce the issue that will help us dig into the issue. Thanks!

Oh, yeah, sorry, I deleted the cloud function. But you can use https://httpbin.org/anything, which also returns any request headers in the response. Unless it was an issue in some way specific to forwarding to Google Cloud…

Hey @mvolfik,

I don’t think HTTP Bin is being controlled by you, is it? We needed you to set up a reproduction so that we can see the rewrite happening to that URL from your site.
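
An added example, not part of any post in this thread and not Netlify's code: a backend behind a signed proxy rule should reject a request that arrives without x-nf-sign instead of serving it, which is the case both echo endpoints above are showing. It assumes the header carries a compact HS256 JWS as the linked Netlify docs describe; `verify_nf_sign`, `make_sample_token`, the `expected_claims` parameter, the secret and the claim values are hypothetical names and constructed data.

```python
import base64, hashlib, hmac, json, time

class SignatureError(Exception):
    """x-nf-sign is absent, malformed, or does not verify."""

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def verify_nf_sign(headers, secret, expected_claims=None, now=None):
    """Return the verified claims or raise SignatureError (fail closed)."""
    token = {k.lower(): v for k, v in headers.items()}.get("x-nf-sign")
    if not token:
        # The situation in this thread: the proxy sent no signature at all.
        raise SignatureError("x-nf-sign header missing")
    try:
        head, body, sig = token.split(".")
        header, signature = json.loads(_b64d(head)), _b64d(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise SignatureError("malformed JWS") from exc
    # Pin the algorithm; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise SignatureError("unexpected alg")
    if not hmac.compare_digest(signature, _mac(secret, f"{head}.{body}")):
        raise SignatureError("bad signature")
    try:
        claims = json.loads(_b64d(body))
    except ValueError as exc:
        raise SignatureError("malformed payload") from exc
    if not isinstance(claims, dict):
        raise SignatureError("malformed payload")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp < (time.time() if now is None else now):
        raise SignatureError("expired")
    for key, want in (expected_claims or {}).items():
        if claims.get(key) != want:
            raise SignatureError(f"claim {key} mismatch")
    return claims

def make_sample_token(secret, claims):
    """Builds constructed test input; a stand-in for what the proxy would send."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(_b64e(json.dumps(p).encode()) for p in parts)
    return f"{signing_input}.{_b64e(_mac(secret, signing_input))}"
```

With this in front of the handler, an unsigned request produces a rejection on the backend, so a missing header shows up as a hard failure rather than as a silently unauthenticated call.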