search

stackery / php-lambda-layer

PHP Runtime Layer for AWS Lambda
Other
320 stars 70 forks source link

Fix redirecting from PHP #42

Closed keichan34 closed 5 years ago

keichan34 commented 5 years ago

By following redirects to the local PHP server inside Lambda, the function will return an invalid response. This fix will not follow redirects, so only the 30X response will be returned to API Gateway.

txase commented 5 years ago

Hi @keichan34!

I'm not sure I understand why this change is necessary. Why are the requests sent back to API Gateway invalid? Maybe it would be helpful if you could show what the Lambda response is showing how things are breaking?

🙏

keichan34 commented 5 years ago

Sorry, my explanation wasn't clear. This is what's happening:

  1. User makes request to apigw/redirect.php
  2. redirect.php returns a 302 response to https://www.google.com
  3. curl in bootstrap follows this response to google.
  4. bootstrap returns a merged response to API gateway

Because CURLOPT_HEADERFUNCTION is used to record headers as they come in, headers will be doubled up (the headers from step 2 and 3 are both in $response['multiValueHeaders']).

Here's an excerpt of a request returned to API Gateway:

{
    "multiValueHeaders": {
        "Host": [
            "XXX.execute-api.us-west-2.amazonaws.com"
        ],
        "Date": [
            "Mon, 24 Jun 2019 06:45:52 GMT",
            "Mon, 24 Jun 2019 06:45:53 GMT"
        ],
        "Connection": [
            "close",
            "keep-alive"
        ],
        "X-Powered-By": [
            "PHP/7.3.6",
            "PHP/7.3.6"
        ],
        "X-ExecFile": [
            "/var/task/wp-admin/index.php",
            "/var/task/wp-login.php"
        ],
        "Expires": [
            "Wed, 11 Jan 1984 05:00:00 GMT",
            "Wed, 11 Jan 1984 05:00:00 GMT"
        ],
        "Cache-Control": [
            "no-cache, must-revalidate, max-age=0",
            "no-cache, must-revalidate, max-age=0"
        ],
        "X-Redirect-By": [
            "WordPress"
        ],
        "Location": [
            "https://XXX.cloudfront.net/wp-login.php?redirect_to=https%3A%2F%2FXXX.execute-api.us-west-2.amazonaws.com%2Fwp-admin%2F&reauth=1"
        ],
        "Content-type": [
            "text/html; charset=UTF-8"
        ],
        "Content-Type": [
            "text/html; charset=UTF-8"
        ],
        "Content-Length": [
            "0"
        ]
    },
    "statusCode": 200
}

As you can see, headers are doubled up, and there is a Location header, even though the status code is 200. In this specific case, the error itself was there being 2 content-type headers (the capitalization is different, so PHP put them in different bins, but API gateway probably validated them case-insensitively)