Fixes found when applying changes.

- Cookie forwarding rules are required. - S3 origins require alternate format of domain_name. - One origin had a typo in its origin_id. - Allow browser to frame PDFs from the app.EFCMS_DOMAIN domain.
flexion · Sep 4, 2020 · 4f9bb9c · 4f9bb9c
1 parent 9305ddb
commit 4f9bb9c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/web-client/terraform/common/cloudfront-edge/header-security-lambda.js b/web-client/terraform/common/cloudfront-edge/header-security-lambda.js
@@ -48,7 +48,7 @@ exports.handler = (event, context, callback) => {
     `style-src 'self' 'unsafe-inline' ${dynamsoftUrl}`,
     `img-src ${applicationUrl} ${subdomainsUrl} data:`,
     `font-src ${applicationUrl} ${subdomainsUrl}`,
-    `frame-src ${s3Url} blob:`,
+    `frame-src ${s3Url} ${subdomainsUrl} blob:`,
     "frame-ancestors 'none'",
   ];
   headers['content-security-policy'] = [

diff --git a/web-client/terraform/common/frontend.tf b/web-client/terraform/common/frontend.tf
@@ -169,23 +169,23 @@ resource "aws_cloudfront_distribution" "distribution" {
   }
 
   origin {
-    domain_name = "s3.us-east-1.amazonaws.com/${var.dns_domain}-documents-${var.environment}-us-east-1/"
+    domain_name = "${var.dns_domain}-documents-${var.environment}-us-east-1.s3.amazonaws.com"
     origin_id   = "primary-documents.${var.dns_domain}"
   }
 
   origin {
-    domain_name = "s3.us-west-1.amazonaws.com/${var.dns_domain}-documents-${var.environment}-us-west-1/"
+    domain_name = "${var.dns_domain}-documents-${var.environment}-us-west-1.s3.amazonaws.com"
     origin_id   = "failover-documents.${var.dns_domain}"
   }
 
   origin {
-    domain_name = "s3.us-east-1.amazonaws.com/${var.dns_domain}-temp-documents-${var.environment}-us-east-1/"
+    domain_name = "${var.dns_domain}-temp-documents-${var.environment}-us-east-1.s3.amazonaws.com"
     origin_id   = "primary-temp-documents.${var.dns_domain}"
   }
 
   origin {
-    domain_name = "s3.us-west-1.amazonaws.com/${var.dns_domain}-temp-documents-${var.environment}-us-west-1/"
-    origin_id   = "failover-documents.${var.dns_domain}"
+    domain_name = "${var.dns_domain}-temp-documents-${var.environment}-us-west-1.s3.amazonaws.com"
+    origin_id   = "failover-temp-documents.${var.dns_domain}"
   }
 
   custom_error_response {
@@ -269,6 +269,10 @@ resource "aws_cloudfront_distribution" "distribution" {
 
     forwarded_values {
       query_string = true
+
+      cookies {
+        forward = "none"
+      }
     }
   }
 
@@ -291,6 +295,10 @@ resource "aws_cloudfront_distribution" "distribution" {
 
     forwarded_values {
       query_string = true
+
+      cookies {
+        forward = "none"
+      }
     }
   }