
Cannot configure "host" request header passed to Lambda

Open heyteacher opened this issue 2 years ago • 1 comments

It's not possible to configure the Host request header. When the Zappa Lambda is invoked, the API Gateway domain name specified in zappa_settings.json (domain setting) is set and cannot be changed. This would be a problem if you put a CloudFront distribution in front of the Zappa API Gateway.

Context

Following AWS best practices, CloudFront serves static content from S3 and dynamic content from the Zappa API Gateway:

  1. The CloudFront distribution is configured with domain stage-classifiche-fantacitorio.adessospiana.it
  2. The CloudFront distribution is configured to forward all headers to the Zappa API Gateway except the Host request header (otherwise API Gateway fails)
  3. The Zappa API Gateway is configured with domain fc-project-api-stage.adessospiana.it
  4. The Django ALLOWED_HOSTS setting is set to .adessospiana.it in order to accept requests from *.adessospiana.it

When I browse the CloudFront endpoint https://stage-classifiche-fantacitorio.adessospiana.it, the Host request header in the Zappa event is set to fc-project-api-stage.adessospiana.it.

This is not a problem in any use case except when you use allauth (a module for OAuth2 integration), because it reads the protocol, host and port from the request headers to build callback_url. In my use case this is https://fc-project-api-stage.adessospiana.it instead of the CDN endpoint https://stage-classifiche-fantacitorio.adessospiana.it.

So I can authenticate with success only if I start browsing from https://fc-project-api-stage.adessospiana.it.

Therefore, if I start browsing from https://stage-classifiche-fantacitorio.adessospiana.it, authentication fails because the callback_url domain differs from the browser domain.

Expected Behavior

Be able to configure Zappa to force the Zappa event to the CDN Host request header.

Actual Behavior

Now, the Zappa event Host request header is set to the Zappa API Gateway endpoint and it is not possible to change this value in Zappa.

Possible Fix

My suggestion is to add cdn_domain to zappa_settings.json. If cdn_domain is set, on every Zappa Lambda invocation the Zappa event will set Host to this value.

Steps to Reproduce

  1. open the link https://stage-classifiche-fantacitorio.adessospiana.it in incognito mode
  2. at the top right, click Entra
  3. in the center, click the big Twitter button
  4. in the redirected URL, the oauth_callback request parameter value contains fc-project-api-stage.adessospiana.it instead of stage-classifiche-fantacitorio.adessospiana.it: https://api.twitter.com/oauth/authenticate?oauth_token=XXXXX&oauth_callback=https%3A%2F%2Ffc-project-api-stage.adessospiana.it%2Faccounts%2Ftwitter%2Flogin%2Fcallback%2F

Your Environment

  • Zappa version used: 0.57.0

  • Operating System and Python version: Ubuntu 23.04 and Python 3.9.16

  • pip freeze:

    argcomplete==3.0.8
    asgiref==3.7.2
    boto3==1.26.146
    botocore==1.29.146
    certifi==2023.5.7
    cffi==1.15.1
    cfn-flip==1.3.0
    charset-normalizer==3.1.0
    click==8.1.3
    coverage==7.2.7
    cryptography==41.0.1
    defusedxml==0.7.1
    diff-match-patch==20230430
    Django==4.2.1
    django-admin-autocomplete-filter==0.7.1
    django-allauth==0.54.0
    django-autocomplete-light==3.9.7
    django-bootstrap5==23.1
    django-cockroachdb==4.2
    django-debug-toolbar==4.1.0
    django-dynamodb-cache==0.5.1
    django-extensions==3.2.1
    django-filter==23.2
    django-import-export==3.2.0
    django-s3-sqlite==0.0.5
    django-tables2==2.5.3
    djhacker==0.2.3
    durationpy==0.5
    et-xmlfile==1.1.0
    exceptiongroup==1.1.1
    hjson==3.1.0
    idna==3.4
    iniconfig==2.0.0
    jmespath==1.0.1
    kappa==0.6.0
    MarkupPy==1.14
    MarkupSafe==2.1.3
    oauthlib==3.2.2
    odfpy==1.4.1
    openpyxl==3.1.2
    packaging==23.1
    placebo==0.9.0
    pluggy==1.0.0
    psycopg2==2.9.6
    psycopg2-binary==2.9.6
    pycparser==2.21
    PyJWT==2.7.0
    pytest==7.3.1
    pytest-cov==4.1.0
    pytest-django==4.5.2
    python-dateutil==2.8.2
    python-slugify==8.0.1
    python3-openid==3.2.0
    PyYAML==6.0
    requests==2.31.0
    requests-oauthlib==1.3.1
    s3transfer==0.6.1
    six==1.16.0
    sqlparse==0.4.4
    tablib==3.4.0
    text-unidecode==1.3
    toml==0.10.2
    tomli==2.0.1
    tqdm==4.65.0
    troposphere==4.3.2
    typing_extensions==4.6.3
    urllib3==1.26.16
    Werkzeug==2.3.4
    xlrd==2.0.1
    xlwt==1.3.0
    zappa==0.57.0
    
  • github project: https://github.com/heyteacher/fantacitorio

  • Your zappa_settings.json:

    {
        "stage": {
            "aws_region": "eu-west-1",
            "django_settings": "fc_project.settings",
            "profile_name": "<AWS IAM USER>",
            "project_name": "fc_project",
            "runtime": "python3.9",
            "s3_bucket": "<ZAPPA DEPLOY S3 BUCKET>",
            "timeout_seconds": 600,
            "use_precompiled_packages": false,
            "domain": "fc-project-api-stage.adessospiana.it",
            "certificate_arn": "arn:aws:acm:us-east-1:XXXXX+:certificate/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX",
            "exclude": [".git*", "rankdb.sqlite3", "db.sqlite3", "*.md", "images", "static", "venv", "venvprod", "requirements*", "zappa_settings.json.template"],
            "debug": false,
            "log_level": "INFO",
            "keep_warm": true,
    
            "aws_environment_variables": {
                "DEBUG": "false",
                "ALLAUTH_ENABLED": "true",
    
                "SECRET_KEY": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
                "ALLOWED_HOSTS_1": ".adessospiana.it",
    
                "DATABASE_DEFAULT_ENGINE": "django_s3_sqlite",
                "DATABASE_DEFAULT_NAME": "db.sqlite3",
                "DATABASE_DEFAULT_BUCKET": "<S3 DATABASE BUCKET>",
    
                "DATABASE_CLASSIFICHE_ENGINE": "django_s3_sqlite",
                "DATABASE_CLASSIFICHE_NAME": "rankdb.sqlite3",
                "DATABASE_CLASSIFICHE_BUCKET": "<S3 DATABASE BUCKET>",
    
                "STATICFILES_STORAGE": "django_s3_storage.storage.StaticS3Storage",
                "AWS_S3_BUCKET_NAME_STATIC": "<S3 STATIC BUCKET>",
                "AWS_S3_KEY_PREFIX_STATIC": "static/",
                "AWS_CLOUDFRONT_ENDPOINT": "https://stage-classifiche-fantacitorio.adessospiana.it",
    
                "CACHE_DEFAULT_BACHEND": "django_dynamodb_cache.backend.DjangoCacheBackend",
                "CACHE_DEFAULT_LOCATION": "<TABELLA DYNAMODB>",
                "CACHE_DEFAULT_AWS_REGION": "<REGIONE AWS>",
    
                "EMAIL_HOST": "<MAIL HOST>",
                "EMAIL_PORT": "<PORT>",
                "EMAIL_HOST_USER": "<USER>",
                "EMAIL_HOST_PASSWORD": "<PASSWORD>",
                "DEFAULT_FROM_EMAIL": "<DEFAULT FROM EMAIL>",
                "EMAIL_SUBJECT_PREFIX": "[FC_STAGE] ",
                "EMAIL_USE_SSL": "true",
                "EMAIL_USE_TLS": "false",
                "EMAIL_ADMIN_NAME": "<ADMIN NAME>",
                "EMAIL_ADMIN_EMAIL": "<ADMIN EMAIL>",
                "EMAIL_MANAGER_NAME": "<MANAGER NAME>",
                "EMAIL_MANAGER_EMAIL": "<MANAGER EMAIL>",
    
    
                "SECURE_SSL_REDIRECT": "true",
                "SECURE_HSTS_SECONDS": "864000"
            }
        }
    }
    

heyteacher, Jun 07 '23 20:06
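An added example, not part of the original issue and not Zappa or allauth code: one application-side way to get the CDN host into the callback URL is a Django-style middleware that replaces Host with a fixed, configured public host, but only for requests that carry a shared secret the CDN adds as a custom origin header. The class name, the `X-Origin-Verify` header, and the `CDN_PUBLIC_HOST` / `CDN_ORIGIN_SECRET` variables are assumptions made for this sketch; it also assumes the middleware is listed first in `MIDDLEWARE`.

```python
import hmac
import os
from types import SimpleNamespace

CDN_HOST = "stage-classifiche-fantacitorio.adessospiana.it"  # from the issue
API_HOST = "fc-project-api-stage.adessospiana.it"            # from the issue


class CdnHostMiddleware:
    """Hypothetical middleware: pin Host to the CDN domain for CDN traffic.

    The public host comes from configuration, never from a request header,
    so a client cannot steer callback_url by sending its own Host value.
    """

    def __init__(self, get_response, public_host=None, origin_secret=None):
        self.get_response = get_response
        # Assumed environment variable names (not Zappa settings).
        self.public_host = public_host or os.environ.get("CDN_PUBLIC_HOST", "")
        self.origin_secret = origin_secret or os.environ.get("CDN_ORIGIN_SECRET", "")

    def _from_cdn(self, meta):
        # Assumed custom origin header X-Origin-Verify, added by the CDN.
        presented = meta.get("HTTP_X_ORIGIN_VERIFY", "")
        if not self.origin_secret or not presented:
            return False  # fail closed: no secret configured or none presented
        return hmac.compare_digest(presented.encode(), self.origin_secret.encode())

    def __call__(self, request):
        if self.public_host and self._from_cdn(request.META):
            request.META["HTTP_HOST"] = self.public_host
        # Direct API Gateway requests keep the Host they arrived with.
        return self.get_response(request)


def demo_callback_url(meta):
    """Run constructed request metadata through the middleware and return
    the callback URL a Host-based view would build from it."""
    def view(request):  # stand-in for code that derives the URL from Host
        return "https://%s/accounts/twitter/login/callback/" % request.META["HTTP_HOST"]

    middleware = CdnHostMiddleware(
        view, public_host=CDN_HOST, origin_secret="constructed-secret"
    )
    return middleware(SimpleNamespace(META=dict(meta)))
```

Requests that reach the API Gateway domain directly, or that present a wrong secret, keep the API Gateway host, so ALLOWED_HOSTS still has to cover both domains.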

This appears to be an issue with Lambda and CloudFront integration. Is that correct?

monkut, Aug 14 '23 05:08

Hi there! Unfortunately, this Issue has not seen any activity for at least 90 days. If the Issue is still relevant to the latest version of Zappa, please comment within the next 10 days if you wish to keep it open. Otherwise, it will be automatically closed.

github-actions[bot], Apr 03 '24 18:04

Hi there! Unfortunately, this Issue was automatically closed as it had not seen any activity in at least 100 days. If the Issue is still relevant to the latest version of Zappa, please open a new Issue.

github-actions[bot], Apr 13 '24 20:04