interface ResponseHeadersPolicyProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.CloudFront.ResponseHeadersPolicyProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseHeadersPolicyProps |
Java | software.amazon.awscdk.services.cloudfront.ResponseHeadersPolicyProps |
Python | aws_cdk.aws_cloudfront.ResponseHeadersPolicyProps |
TypeScript | aws-cdk-lib » aws_cloudfront » ResponseHeadersPolicyProps |
Properties for creating a Response Headers Policy.
Example

```ts
import { Duration } from 'aws-cdk-lib';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// Using an existing managed response headers policy
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
  },
});

// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
  responseHeadersPolicyName: 'MyPolicy',
  comment: 'A default policy',
  corsBehavior: {
    accessControlAllowCredentials: false,
    accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlAllowMethods: ['GET', 'POST'],
    accessControlAllowOrigins: ['*'],
    accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlMaxAge: Duration.seconds(600),
    originOverride: true,
  },
  customHeadersBehavior: {
    customHeaders: [
      { header: 'X-Amz-Date', value: 'some-value', override: true },
      { header: 'X-Amz-Security-Token', value: 'some-value', override: false },
    ],
  },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
    referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
    strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
    xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
  },
  removeHeaders: ['Server'],
  serverTimingSamplingRate: 50,
});

new cloudfront.Distribution(this, 'myDistCustomPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: myResponseHeadersPolicy,
  },
});
```
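
An added example (not part of the CDK documentation or the CDK API): a stand-alone TypeScript check over the security-relevant settings of a policy like the custom one above, suitable for a unit test or review step. `PolicyShape`, `SecurityShape`, `auditPolicy`, the `accessControlMaxAgeSeconds` field (plain seconds instead of a `Duration`) and the one-year HSTS threshold are assumptions of this example.

```typescript
// Added example: audits a plain object shaped like the props on this page.
// Assumption: the HSTS max-age is given in plain seconds (no CDK Duration).
type Header = { override: boolean };
interface SecurityShape {
  contentSecurityPolicy?: Header & { contentSecurityPolicy: string };
  contentTypeOptions?: Header;
  frameOptions?: Header & { frameOption: string };
  strictTransportSecurity?: Header & { accessControlMaxAgeSeconds: number };
}
interface PolicyShape {
  corsBehavior?: { accessControlAllowCredentials: boolean; accessControlAllowOrigins: string[] };
  securityHeadersBehavior?: SecurityShape;
}

const MIN_HSTS_SECONDS = 31536000; // one year; threshold chosen for this example

function auditPolicy(p: PolicyShape): string[] {
  const findings: string[] = [];
  const cors = p.corsBehavior;
  if (cors && cors.accessControlAllowOrigins.indexOf('*') !== -1) {
    findings.push(cors.accessControlAllowCredentials
      ? 'cors: wildcard origin combined with credentials'
      : 'cors: wildcard origin, confirm every response is public');
  }
  const sec: SecurityShape = p.securityHeadersBehavior || {};
  const names = ['contentSecurityPolicy', 'contentTypeOptions', 'frameOptions', 'strictTransportSecurity'] as const;
  for (const name of names) {
    const h = sec[name];
    if (!h) findings.push(`${name}: not set`);
    else if (!h.override) findings.push(`${name}: override is false, so a header from the origin is kept`);
  }
  const hsts = sec.strictTransportSecurity;
  if (hsts && hsts.accessControlMaxAgeSeconds < MIN_HSTS_SECONDS) {
    findings.push(`strictTransportSecurity: max-age ${hsts.accessControlMaxAgeSeconds}s is below ${MIN_HSTS_SECONDS}s`);
  }
  return findings;
}

// Constructed input: the security-relevant values from the example on this page.
const pageExample: PolicyShape = {
  corsBehavior: { accessControlAllowCredentials: false, accessControlAllowOrigins: ['*'] },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: 'DENY', override: true },
    strictTransportSecurity: { accessControlMaxAgeSeconds: 600, override: true },
  },
};
console.log(auditPolicy(pageExample).join('\n'));
```

For the values in the example policy it reports the wildcard CORS origin and the 600-second HSTS max-age.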
Properties
Name | Type | Description |
---|---|---|
comment? | string | A comment to describe the response headers policy. |
corsBehavior? | ResponseHeadersCorsBehavior | A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
customHeadersBehavior? | ResponseCustomHeadersBehavior | A configuration for a set of custom HTTP response headers. |
removeHeaders? | string[] | A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers. |
responseHeadersPolicyName? | string | A unique name to identify the response headers policy. |
securityHeadersBehavior? | ResponseSecurityHeadersBehavior | A configuration for a set of security-related HTTP response headers. |
serverTimingSamplingRate? | number | The percentage of responses that you want CloudFront to add the Server-Timing header to. |
comment?
Type: string (optional, default: no comment)
A comment to describe the response headers policy.
corsBehavior?
Type: ResponseHeadersCorsBehavior (optional, default: no cors behavior)
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
customHeadersBehavior?
Type: ResponseCustomHeadersBehavior (optional, default: no custom headers behavior)
A configuration for a set of custom HTTP response headers.
removeHeaders?
Type: string[] (optional, default: no headers are removed)
A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.
responseHeadersPolicyName?
Type: string (optional, default: generated from the id)
A unique name to identify the response headers policy.
securityHeadersBehavior?
Type: ResponseSecurityHeadersBehavior (optional, default: no security headers behavior)
A configuration for a set of security-related HTTP response headers.
serverTimingSamplingRate?
Type: number (optional, default: no Server-Timing header is added to HTTP responses)
The percentage of responses that you want CloudFront to add the Server-Timing header to.