X-nf-sign header missing

I am trying to setup some traffic to proxy through to my backend API in AWS.

I have setup the following proxy rule:

Using the following redirect configuration:

  from = "/api/*"
  to = "http://lifedatabase-822610598.us-west-2.elb.amazonaws.com/:splat"
  status = 200
  force = true # COMMENT: ensure that we always redirect

My backend server gets many x-nf-* headers but doesn’t seem to get the x-nf-sign header as documented here: Rewrites and proxies | Netlify Docs

Visiting this url: https://lifedatabase.netlify.app/api/echo will return the headers received.

I understand I still need to replace the token placeholder but I think this should work as is.

Hi @adbrowne,

What happens when you add that variable and try?

I’d assume that since the variable returns undefined, there’s an error in signing the token which is why it might fail.

I have the same issue on my site evavolfova-cz.netlify.app. I have netlify.toml like this:

YARN_VERSION = "1.22.17"
NPM_VERSION = "8.5.0"
NODE_VERSION = "16.14.0"
NODE_ENV = "production"

publish = "build"
command = "sed -i s/%MANAGE_ASSETS_SIGN_KEY%/${MANAGE_ASSETS_SIGN_KEY}/g netlify.toml && yarn build"

# ... some [[headers]] rules omitted

from = "/api/manage-assets"
to = "https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets"
status = 200
force = true
conditions = {Role = ["content-creator"]}

from = "/*"
to = "/some/path" # the only non-prerendered path
status = 404

The url https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets currently just echoes whatever headers it gets.

When I hit /api/manage-assets without authentication (or without the role content-creator), I get the 404 page - that is probably expectable. When I do curl -H Cookie: nf_jwt=<token> https://evavolfova-cz.netlify.app/api/manage-assets, I get the response from my cloud function with many x-nf- headers, but x-nf-sign isn’t among them.

EDIT: Also note that authenticating with the header Authorization: Bearer <token>, just like NetlifyCMS does, doesn’t work - I get the 404 page in response.

Hi @mvolfik,

Would it be possible for you to recreate the testing environment. Visiting https://europe-west3-evavolfovacz.cloudfunctions.net/manage-assets we’re reaching a 404. If you could set it so we could reproduce the issue that will help us dig into the issue. Thanks!

Oh, yeah, sorry, I deleted the cloud function. But you can use https://httpbin.org/anything, which also returns any request headers in the response. Unless it was an issue in some way specific to forwarding to Google Cloud…

Hey @mvolfik,

I don’t think HTTP Bin is being controlled by you, is it? We needed you to setup a reproduction so that we can see the rewrite happening to that URL from your site.