Awhile ago I moved this blog to an AWS EC2 instance and, to try and reduce load on the instance, put the blog behind Amazon CloudFront, since CloudFront makes a decent front-side cache and has a free tier.
All seemed well until one day I went to update an old blog post, and upon saving the post was met with this response:
Updating failed. The response is not a valid JSON response.
Uhhh… what?
So I did some digging, and I immediately saw HTTP 403 (Forbidden) errors in my web browser’s console from an endpoint called autosaves. I then checked my webserver logs, but saw no sign of the URL there, nor any errors. Turns out that CloudFront was blocking the request, but why?
Even stranger was when I tried doing a simple post to the autosaves endpoint, I had no issues. But if I went into the Network tab in Chrome, click Copy as cURL command on the offending request in question, and ran that on the command line, I was able to reproduce the issue. So CloudFront was only blocking some requests… but why?
It turns out that, by default, the web ACLs that CloudFront installs on new distributions will prevent you from making a POST or PUT request where the body is larger than 8 K. Reasonable for most websites, but sadly not WordPress.
I’ll show you how to fix that.
Continue reading “When AWS CloudFront Breaks WordPress”