
Comments (5)

magnetikonline commented on September 21, 2024

Hello @clayton-cc - thanks for reaching out with the issue.

Just had to refresh myself with my own code 😄. This is interesting and yes, I took the description outlined in the event structure to read that "path" must be either / or a /path/to/resource.

On re-read, it seems I may very well have that wrong - and in addition the example given on the event structure page itself for an example origin request shows the following:

"origin": {
  "custom": {
    "customHeaders": {},
    "domainName": "example.org",
    "keepaliveTimeout": 5,
    "path": "",
    "port": 443,
    "protocol": "https",
    "readTimeout": 30,
    "sslProtocols": [
      "TLSv1",
      "TLSv1.1",
      "TLSv1.2"
    ]
  }
}

yes, an empty "path" 😄.

So I think the fixes should be:

  • Update isValidPath() under payloadVerifyRequestOrigin() to allow either:
    • empty string.
    • a string starting with a / - but not ending with / (current behaviour).
    • But it should no longer allow just / as per your tests. This is an error.
  • Also noted from docs - when a custom origin path must not exceed 255 characters - so I'll add that check in too. Missed this during the initial build of edgy.
  • Update setOriginCustom() and setOriginS3() methods to ensure the given path is also validated by isValidPath() logic on set - and throw an exception if not valid.

I'm going to find some time to do the same as you - spin up a test/POC CloudFront/S3 and Lambda@Edge function on the origin request point in the request lifecycle and confirm these settings of path first.

from edgy.

magnetikonline commented on September 21, 2024

Sorry @clayton-cc - haven't forgotten about this - just trying to find the time to test/remediate. 😄


magnetikonline commented on September 21, 2024

Working through the possible options for .path - some results:

  • Setting request.origin.s3.path = ''; - works 👍

  • Setting request.origin.s3.path = '/';:

    The Lambda function returned an invalid origin configuration: The value of OriginPath is invalid. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
    If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
    
  • Setting request.origin.s3.path = '/apples/';:

    The Lambda function returned an invalid origin configuration: The value of OriginPath is invalid. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
    If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
    
  • Setting request.origin.s3.path = '/apples';: - works 👍


magnetikonline commented on September 21, 2024

Hello @clayton-cc - I'm finally trying to get around to this issue - yes, it's been over a year!

Yep - based on my tests above with a CloudFront distribution, you're 100% correct - I've currently got the rules/tests slightly wrong ☝️.

Thus, the rules of path should be:

  • Empty string ('') is valid.
  • A value of single / is invalid.
  • Start with a forward slash, but not end with one is valid.

In addition, as noted in AWS docs - for custom paths:

For custom origins only, the path should be URL encoded and have a maximum length of 255 characters.

Will now work to fix this / make better.

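Added example (my own code, not edgy's implementation and not part of any comment above): a stand-alone validator that encodes the path rules worked out in this thread, plus the extra constraints the AWS docs impose on custom origins (URL encoded, at most 255 characters). Function names (isValidOriginPath, isValidCustomOriginPath, setOriginCustom) and the request shape are assumptions for illustration; edgy's real API may differ.

```javascript
// Added example: re-implements the origin path rules from this thread.
// Not edgy's code; names below are hypothetical.

// AWS docs: custom origin path must be URL encoded and <= 255 characters.
const MAX_CUSTOM_ORIGIN_PATH_LENGTH = 255;

// Rules confirmed against a live CloudFront distribution in the thread:
//   ''        -> valid
//   '/'       -> invalid (CloudFront rejects OriginPath)
//   '/apples' -> valid
//   '/apples/'-> invalid (must not end with a slash)
function isValidOriginPath(path) {
  if (typeof path !== 'string') return false;
  if (path === '') return true;
  if (path === '/') return false;
  if (!path.startsWith('/')) return false;
  if (path.endsWith('/')) return false;
  return true;
}

// "URL encoded" check: every character must be an RFC 3986 path character
// (unreserved, sub-delims, ':' or '@'), a '/', or a well-formed %XX escape.
// Rejects raw spaces, non-ASCII and truncated escapes like '%2'.
const PATH_CHARS_RE = /^(?:[A-Za-z0-9\-._~!$&'()*+,;=:@/]|%[0-9A-Fa-f]{2})*$/;

function isUrlEncoded(path) {
  return PATH_CHARS_RE.test(path);
}

// Custom origins carry the extra docs constraints; S3 origins only need
// the structural rules above (the 255 limit is stated for custom origins).
function isValidCustomOriginPath(path) {
  return (
    isValidOriginPath(path) &&
    path.length <= MAX_CUSTOM_ORIGIN_PATH_LENGTH &&
    isUrlEncoded(path)
  );
}

// Setter that validates on set and throws, so a bad path fails in the
// Lambda@Edge function instead of surfacing as a CloudFront 502 page.
function setOriginCustom(request, domainName, path = '') {
  if (!isValidCustomOriginPath(path)) {
    throw new Error(`invalid custom origin path: ${JSON.stringify(path)}`);
  }
  request.origin = {
    custom: {
      customHeaders: {},
      domainName,
      keepaliveTimeout: 5,
      path,
      port: 443,
      protocol: 'https',
      readTimeout: 30,
      sslProtocols: ['TLSv1.2'],
    },
  };
  return request;
}

// Usage: validate a few constructed paths and set one on a request object.
for (const p of ['', '/', '/apples', '/apples/', '/my docs', '/my%20docs']) {
  console.log(JSON.stringify(p), 'custom valid:', isValidCustomOriginPath(p));
}
console.log(setOriginCustom({}, 'example.org', '/apples').origin.custom.path);
```

The throwing setter is the part that matters operationally: a path that CloudFront rejects otherwise only shows up as the "invalid origin configuration" error page quoted above, at request time, rather than as a failure in the function that built the response.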

magnetikonline commented on September 21, 2024

Have completed the fixes here finally! 🎉

Addressed in commits: ce7516b, 6dc348e, 93a3251.

All part of release v1.3.0+.

Thanks again @clayton-cc for bringing this issue to my attention 👍

