I got a lambda function to work for the first time! Now that it is working, the endpoint is public. How do I restrict access to the lambda function? I only want my app in the same domain to access the lambda function. Is there anything I can configure to do that?
Hi @zhex900, you’ll get this by default if you don’t add CORS headers. Other websites won’t be able to make requests to your functions if they are on different domains. If you need more security than this then you should probably pass a special token with all requests to your function that you verify in the function before processing the request. Note that CORS only applies to requests made from browsers. Anyone can make requests from a backend server to your function even if you don’t have CORS set up to allow it.
Implementing a signed cookie can be done any number of ways. One approach could be a separate lambda function that issues a JWT using jsonwebtoken (npm). The token this function provides can then be saved in localStorage or a cookie. You can then make sure you send this token with your requests to your existing function and add some logic that decrypts the token using the same jsonwebtoken package.
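The token flow described in the replies above, as an added example that is not code from any poster in this thread: one function issues a short-lived HS256-signed token and the protected function checks its signature and expiry before doing any work. It uses Node's built-in `crypto` module in place of the jsonwebtoken package so it runs without dependencies; the names `TOKEN_SECRET`, `issueToken`, `verifyToken` and the `Authorization: Bearer` header are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a real deployment sets TOKEN_SECRET as an environment variable.
const SECRET = process.env.TOKEN_SECRET || "constructed-demo-secret";

const b64url = (value) => Buffer.from(value).toString("base64url");
const sign = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// What the separate "issuer" function returns: a token valid for ttlSeconds.
function issueToken(claims, secret = SECRET, ttlSeconds = 300, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ ...claims, exp }));
  const signature = sign(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${signature}`;
}

// Returns the claims if signature and expiry are valid, otherwise null.
function verifyToken(token, secret = SECRET, now = Date.now()) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm: the token's own alg field must not pick the check.
    if (JSON.parse(Buffer.from(header, "base64url")).alg !== "HS256") return null;
    const expected = sign(`${header}.${payload}`, secret);
    const given = Buffer.from(signature, "base64url");
    if (given.length !== expected.length) return null;
    if (!crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url"));
    if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) return null;
    return claims;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// The protected function: reject the request before any processing.
async function handler(event) {
  const auth = (event.headers && event.headers.authorization) || "";
  const claims = verifyToken(auth.replace(/^Bearer /, ""));
  if (!claims) return { statusCode: 401, body: "Unauthorized" };
  return { statusCode: 200, body: `Hello ${claims.sub}` };
}
```

Any token the browser can read can also be copied out of it and replayed from elsewhere until it expires, so keep the lifetime short and keep the signing secret on the server side only.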