AWS ApiGateway API POST request fails when WAF Captcha is turned on

Question

First post in over 6 years.

So I have set up an AWS ApiGateway REST API. It's a simple API with one endpoint for a POST request. Works without issues.

However, when I add my AWS WAF rule for Captcha to protect the API Gateway, I am getting CORS errors. If I change the rule from Captcha to just Allow, no issues.

When I make the same API call from restninja.io with the Captcha token present in the header, no issue. Everything works.

To give more background, I am trying the new Application Integration for WAF captcha which lets you render the captcha challenge on your own page instead of it being the page.

```typescript
// this is how I initialize the Captcha challenge
AwsWafCaptcha.renderCaptcha(container, {
  apiKey: "ApiKeyHere",
  onSuccess: captchaExampleSuccessFunction,
  onError: captchaExampleErrorFunction,
  dynamicWidth: true,
  skipTitle: true
});

// how I retrieve the token before my POST request
const token = await AwsWafIntegration.getToken();

// this is my API call using the AWS Waf Fetch wrapper
// the call works without Captcha rule being turned on and all the options being commented out, included it here just to show what I have been trying from the frontend side
const response = await (window as any).AwsWafIntegration.fetch(url, {
  method: "POST",
  // mode: "cors",
  // cache: "no-cache",
  // credentials: "include",
  // headers: {
  //   "Content-Type": "application/json",
  //   // "X-Aws-Waf-Token": token,
  //   // "Cookie": `aws-waf-token=${token}`
  // },
  body: JSON.stringify(data),
});
```

I feel I am missing something super minor. As I mentioned earlier, I am able to get it to work with restninja.io but have not been able to figure out what the difference is.

Answer 1

Score: 0

Figured it out: it was due to my WAF Captcha rule. My rule was too generic and included the OPTIONS API. I adjusted the rule to only target my POST API; once I did that, the OPTIONS call succeeded, and then when I provided a valid Captcha token with my POST request, it worked.
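
A check for the misconfiguration described in this answer, as an added example that is not part of the original post: it tests whether a CAPTCHA or Challenge rule would also match the CORS preflight, which is an OPTIONS request that carries no WAF token. The rule names, the `/submit` path and the trimmed rule JSON are constructed for illustration, and only the statement types shown are handled.

```javascript
// Constructed sample rules in AWS WAFv2 JSON shape, trimmed to the fields this check reads.
const byteMatch = (field, value, constraint = "EXACTLY") => ({
  ByteMatchStatement: {
    SearchString: value,
    FieldToMatch: { [field]: {} },
    TextTransformations: [{ Priority: 0, Type: "NONE" }],
    PositionalConstraint: constraint,
  },
});
// Hypothetical rule: CAPTCHA for every method under /submit (too generic).
const genericRule = {
  Name: "captcha-all-api",
  Action: { Captcha: {} },
  Statement: byteMatch("UriPath", "/submit", "STARTS_WITH"),
};
// Hypothetical rule: CAPTCHA only for POST under /submit.
const scopedRule = {
  Name: "captcha-post-only",
  Action: { Captcha: {} },
  Statement: { AndStatement: { Statements: [
    byteMatch("UriPath", "/submit", "STARTS_WITH"),
    byteMatch("Method", "POST"),
  ] } },
};
// Evaluate the statement types used above against a request {method, path}.
function matches(stmt, req) {
  if (stmt.AndStatement) return stmt.AndStatement.Statements.every((s) => matches(s, req));
  if (stmt.OrStatement) return stmt.OrStatement.Statements.some((s) => matches(s, req));
  if (stmt.NotStatement) return !matches(stmt.NotStatement.Statement, req);
  const bm = stmt.ByteMatchStatement;
  if (!bm) throw new Error("unsupported statement type");
  const field = Object.keys(bm.FieldToMatch)[0];
  const actual = { Method: req.method, UriPath: req.path }[field];
  if (actual === undefined) throw new Error(`unsupported field: ${field}`);
  if (bm.PositionalConstraint === "EXACTLY") return actual === bm.SearchString;
  if (bm.PositionalConstraint === "STARTS_WITH") return actual.startsWith(bm.SearchString);
  throw new Error(`unsupported constraint: ${bm.PositionalConstraint}`);
}
// Names of CAPTCHA/Challenge rules that would intercept the CORS preflight.
function rulesBlockingPreflight(rules, path) {
  const preflight = { method: "OPTIONS", path }; // preflight carries no WAF token
  return rules
    .filter((r) => r.Action && (r.Action.Captcha || r.Action.Challenge))
    .filter((r) => matches(r.Statement, preflight))
    .map((r) => r.Name);
}
console.log(rulesBlockingPreflight([genericRule, scopedRule], "/submit"));
```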

huangapple
  • Posted on June 29, 2023 at 22:43:57
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76582163.html