问题
I have API Gateway set up with a Cognito authorizer that correctly authorizes any request with the id token in the header.
This is fine when requests are XHR based as I can add the header when preparing the request. However I can't add this when using <audio src="http://api-gateway/..."> which is made directly by the browser.
The best I can do is append the token in the querystring (?token=...) but Cognito only accepts tokens in the headers.
Is there any way to get Cognito to authorize requests when they come from HTML/CSS?
回答1:
Unfortunately API Gateway does not support security tokens in query string or path parameters. I do not see this changing in the short term so would recommend replacing any hardcoded HTML elements with appropriate JS client code.
来源:https://stackoverflow.com/questions/41011489/authorizing-aws-api-gateway-requests-from-token-in-query-string