interface ResponseCustomHeadersBehavior
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.CloudFront.ResponseCustomHeadersBehavior |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseCustomHeadersBehavior |
![]() | software.amazon.awscdk.services.cloudfront.ResponseCustomHeadersBehavior |
![]() | aws_cdk.aws_cloudfront.ResponseCustomHeadersBehavior |
![]() | aws-cdk-lib » aws_cloudfront » ResponseCustomHeadersBehavior |
Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior that’s associated with this response headers policy.
Example
// Using an existing managed response headers policy
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
defaultBehavior: {
origin: bucketOrigin,
responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
},
});
// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
responseHeadersPolicyName: 'MyPolicy',
comment: 'A default policy',
corsBehavior: {
accessControlAllowCredentials: false,
accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
accessControlAllowMethods: ['GET', 'POST'],
accessControlAllowOrigins: ['*'],
accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
accessControlMaxAge: Duration.seconds(600),
originOverride: true,
},
customHeadersBehavior: {
customHeaders: [
{ header: 'X-Amz-Date', value: 'some-value', override: true },
{ header: 'X-Amz-Security-Token', value: 'some-value', override: false },
],
},
securityHeadersBehavior: {
contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
contentTypeOptions: { override: true },
frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
},
removeHeaders: ['Server'],
serverTimingSamplingRate: 50,
});
new cloudfront.Distribution(this, 'myDistCustomPolicy', {
defaultBehavior: {
origin: bucketOrigin,
responseHeadersPolicy: myResponseHeadersPolicy,
},
});
Properties
Name | Type | Description |
---|---|---|
custom | Response [] | The list of HTTP response headers and their values. |
customHeaders
Type:
Response
[]
The list of HTTP response headers and their values.