search

aws-amplify / amplify-hosting

AWS Amplify Hosting provides a Git-based workflow for deploying and hosting fullstack serverless web applications.
https://aws.amazon.com/amplify/hosting/
Apache License 2.0
454 stars 115 forks source link

Can't use environment variables in custom headers section of amplify.yml #644

Open FergusMcGlynn opened 4 years ago

FergusMcGlynn commented 4 years ago

Environment variables are not interpolated (i.e. their names are treated as literals) in the customHeaders section of amplify.yml (at least when amplify.yml is hosted in Amplify Console and not in the git repo).

For example, if amplify.yml contains:

env:
  variables:
    TRUSTED_DOMAIN: 'https://trusted.example.com'
frontend:
...
...
  customHeaders:
     headers:
     - key: 'Access-Control-Allow-Origin'
       value: ${TRUSTED_DOMAIN}

then when https://trusted.example.com tries to fetch a file from this app it will be blocked by CORS because the app is sending the header value "${TRUSTED_DOMAIN}" rather than "https://trusted.example.com":

Access to fetch at 'https://this.amplify.app.com/foobar.js' from origin 'https://trusted.example.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value '${TRUSTED_DOMAIN}'. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

The reason I want to use an environment variable in the customHeaders section is because I am setting up this Amplify Console app using Cloudformation, and I do not know the value of $TRUSTED_DOMAIN in advance of Cloudformation running - its value will be specific to a deployment environment, hence wanting to use it as an environment variable. The above example shows the environment variable being set in amplify.yml to demonstrate the point, but in my case the environment variable will be set by Cloudformation.

I can't find any documentation that states where in amplify.yml environment variables can be used. I assumed they can be used anywhere in the file but it looks like that's not the case. I notice that they can't be used in the artifacts section of amplify.yml either. This should either be fixed, or the documentation should make it clear where they can and can't be used and why.

ihao8 commented 4 years ago

Hi @FergusMcGlynn , Thank you for reporting. We cut a ticket in our customer oncall list. We will investigate your issue soon.

Jupdi commented 3 years ago

Hi, are there any updates to this? I tried to add a no-index header which should only apply to our test enviroment, but it seems that the env-vars are not available in the customHttp.yml

Weetbix commented 2 years ago

Would also like to see this, we would want to return link headers, and have different URLs for different environments (staging, etc)

NickDario commented 1 year ago

Bumping, we have headers that differ between dev and production that we define in customHttp.yml

dburles commented 5 months ago

I also have this requirement.

oleggromov commented 1 month ago

+1, this is very much needed please!