AWS ApiGateway API POST request fails when WAF Captcha is turned on


Question

First post in over 6 years.

So I have set up an AWS ApiGateway REST API. It's a simple API with one endpoint for a POST request. Works without issues.

However, when I add my AWS WAF rule for Captcha to protect the API Gateway, I am getting CORS errors. If I change the rule from Captcha to just Allow, no issues.

When I make the same API call from restninja.io with the Captcha token present in the header, no issue. Everything works.

To give more background, I am trying the new Application Integration for WAF Captcha, which lets you render the Captcha challenge on your own page instead of it being the page.


// this is how I initialize the Captcha challenge
AwsWafCaptcha.renderCaptcha(container, {
  apiKey: "ApiKeyHere",
  onSuccess: captchaExampleSuccessFunction,
  onError: captchaExampleErrorFunction,
  dynamicWidth: true,
  skipTitle: true
});

// how I retrieve the token before my POST request
const token = await AwsWafIntegration.getToken();

// this is my API call using the AWS Waf Fetch wrapper
// the call works without Captcha rule being turned on and all the options being commented out, included it here just to show what I have been trying from the frontend side
const response = await (window as any).AwsWafIntegration.fetch(url, {
  method: "POST",
  // mode: "cors",
  // cache: "no-cache",
  // credentials: "include",
  // headers: {
  //   "Content-Type": "application/json",
  //   // "X-Aws-Waf-Token": token,
  //   // "Cookie": `aws-waf-token=${token}`
  // },
  body: JSON.stringify(data),
});

I feel I am missing something super minor. As I mentioned earlier, I am able to get it to work with restninja.io but have not been able to figure out what the difference is.

Answer 1

Score: 0

Figured it out. It was due to my WAF Captcha rule: my rule was too generic and included the OPTIONS API. I adjusted the rule to only target my POST API. Once I did that, the OPTIONS call succeeded, and then when I provided a valid Captcha token with my POST request, it worked.
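The fix described in this answer, as an added example that is not part of the original post and not AWS code: a small model of how a CAPTCHA rule scoped too broadly also catches the CORS preflight, which the browser sends without cookies or custom headers and so can never carry the token. The rule names, the `/submit` path, the token value and the Allow default action are assumptions.

```javascript
// Constructed model for illustration, not AWS code. Rules are abbreviated to the
// WAFv2 fields the model reads; a presented token is assumed to be valid.
const genericRule = { // hypothetical "too generic" rule: any path, any method
  Name: "captcha-all",
  Statement: { ByteMatchStatement: {
    FieldToMatch: { UriPath: {} }, SearchString: "/", PositionalConstraint: "STARTS_WITH" } },
  Action: { Captcha: {} },
};
const postOnlyRule = { // scoped rule: only the POST method is challenged
  Name: "captcha-post-only",
  Statement: { ByteMatchStatement: {
    FieldToMatch: { Method: {} }, SearchString: "POST", PositionalConstraint: "EXACTLY" } },
  Action: { Captcha: {} },
};

// Minimal matcher for the two statement shapes used above.
function matches(statement, req) {
  const m = statement.ByteMatchStatement;
  const field = "Method" in m.FieldToMatch ? req.method : req.path;
  return m.PositionalConstraint === "EXACTLY"
    ? field === m.SearchString
    : field.startsWith(m.SearchString);
}

// "ALLOW": the request reaches API Gateway. "CAPTCHA": WAF answers it itself.
function evaluate(rule, req) {
  if (!matches(rule.Statement, req)) return "ALLOW"; // default action assumed to be Allow
  const cookie = req.headers.cookie || "";
  const hasToken = Boolean(req.headers["x-aws-waf-token"]) || /aws-waf-token=/.test(cookie);
  return hasToken ? "ALLOW" : "CAPTCHA";
}

// Constructed requests. The preflight carries only Access-Control-Request-* headers.
const preflight = { method: "OPTIONS", path: "/submit",
  headers: { "access-control-request-method": "POST" } };
const postNoToken = { method: "POST", path: "/submit", headers: {} };
const postWithToken = { method: "POST", path: "/submit",
  headers: { "x-aws-waf-token": "constructed-token" } };

// Decisions for [preflight, POST without token, POST with token].
function decisionTable(rule) {
  return [preflight, postNoToken, postWithToken].map((r) => evaluate(rule, r));
}

console.log("generic  :", decisionTable(genericRule));
console.log("post-only:", decisionTable(postOnlyRule));
```

Under the generic rule the preflight is challenged before API Gateway can answer it, so the browser never gets a successful CORS response, while a non-browser client that sends the POST directly with the token sees no problem.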

  • Posted by huangapple on June 29, 2023, 22:43:57
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76582163.html