amplify-hosting icon indicating copy to clipboard operation
amplify-hosting copied to clipboard
verified publisher icon aws-amplify

Can't use environment variables in custom headers section of amplify.yml

Open FergusMcGlynn opened this issue 5 years ago • 9 comments

Environment variables are not interpolated (i.e. their names are treated as literals) in the customHeaders section of amplify.yml (at least when amplify.yml is hosted in Amplify Console and not in the git repo).

For example, if amplify.yml contains:

env:
  variables:
    TRUSTED_DOMAIN: 'https://trusted.example.com'
frontend:
...
...
  customHeaders:
     headers:
     - key: 'Access-Control-Allow-Origin'
       value: ${TRUSTED_DOMAIN}

then when https://trusted.example.com tries to fetch a file from this app it will be blocked by CORS because the app is sending the header value "${TRUSTED_DOMAIN}" rather than "https://trusted.example.com":

Access to fetch at 'https://this.amplify.app.com/foobar.js' from origin 'https://trusted.example.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value '${TRUSTED_DOMAIN}'. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The reason I want to use an environment variable in the customHeaders section is because I am setting up this Amplify Console app using Cloudformation, and I do not know the value of $TRUSTED_DOMAIN in advance of Cloudformation running - its value will be specific to a deployment environment, hence wanting to use it as an environment variable. The above example shows the environment variable being set in amplify.yml to demonstrate the point, but in my case the environment variable will be set by Cloudformation.

I can't find any documentation that states where in amplify.yml environment variables can be used. I assumed they can be used anywhere in the file but it looks like that's not the case. I notice that they can't be used in the artifacts section of amplify.yml either. This should either be fixed, or the documentation should make it clear where they can and can't be used and why.

FergusMcGlynn avatar May 04 '20 17:05 FergusMcGlynn

Hi @FergusMcGlynn , Thank you for reporting. We cut a ticket in our customer oncall list. We will investigate your issue soon.

ihao8 avatar May 05 '20 08:05 ihao8

Hi, are there any updates to this? I tried to add a no-index header which should only apply to our test enviroment, but it seems that the env-vars are not available in the customHttp.yml

Jupdi avatar Feb 18 '21 16:02 Jupdi

Would also like to see this, we would want to return link headers, and have different URLs for different environments (staging, etc)

Weetbix avatar Aug 24 '22 10:08 Weetbix

Bumping, we have headers that differ between dev and production that we define in customHttp.yml

NickDario avatar Aug 24 '23 21:08 NickDario

I also have this requirement.

dburles avatar Apr 16 '24 22:04 dburles

+1, this is very much needed please!

oleggromov avatar Aug 05 '24 11:08 oleggromov