ResponseHeadersPolicyProps

class aws_cdk.aws_cloudfront.ResponseHeadersPolicyProps(*, comment=None, cors_behavior=None, custom_headers_behavior=None, remove_headers=None, response_headers_policy_name=None, security_headers_behavior=None, server_timing_sampling_rate=None)

Bases: object

Properties for creating a Response Headers Policy.

Parameters:
  • comment (Optional[str]) – A comment to describe the response headers policy. Default: - no comment

  • cors_behavior (Union[ResponseHeadersCorsBehavior, Dict[str, Any], None]) – A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). Default: - no cors behavior

  • custom_headers_behavior (Union[ResponseCustomHeadersBehavior, Dict[str, Any], None]) – A configuration for a set of custom HTTP response headers. Default: - no custom headers behavior

  • remove_headers (Optional[Sequence[str]]) – A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers. Default: - no headers are removed

  • response_headers_policy_name (Optional[str]) – A unique name to identify the response headers policy. Default: - generated from the id

  • security_headers_behavior (Union[ResponseSecurityHeadersBehavior, Dict[str, Any], None]) – A configuration for a set of security-related HTTP response headers. Default: - no security headers behavior

  • server_timing_sampling_rate (Union[int, float, None]) – The percentage of responses that you want CloudFront to add the Server-Timing header to. Default: - no Server-Timing header is added to HTTP responses

Example:

# Imports added here; the generated CDK docs omit them. `self` is the enclosing
# Stack (or any Construct scope), as in every CDK example.
from aws_cdk import Duration
from aws_cdk import aws_cloudfront as cloudfront
from aws_cdk import aws_cloudfront_origins as origins

# Using an existing managed response headers policy
# bucket_origin: origins.S3Origin

cloudfront.Distribution(self, "myDistManagedPolicy",
    default_behavior=cloudfront.BehaviorOptions(
        origin=bucket_origin,
        response_headers_policy=cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
    )
)

# Creating a custom response headers policy -- all parameters optional
my_response_headers_policy = cloudfront.ResponseHeadersPolicy(self, "ResponseHeadersPolicy",
    response_headers_policy_name="MyPolicy",
    comment="A default policy",
    cors_behavior=cloudfront.ResponseHeadersCorsBehavior(
        access_control_allow_credentials=False,
        access_control_allow_headers=["X-Custom-Header-1", "X-Custom-Header-2"],
        access_control_allow_methods=["GET", "POST"],
        access_control_allow_origins=["*"],
        access_control_expose_headers=["X-Custom-Header-1", "X-Custom-Header-2"],
        access_control_max_age=Duration.seconds(600),
        origin_override=True
    ),
    # override=True replaces a same-named header sent by the origin;
    # override=False keeps the origin's value when one is present.
    custom_headers_behavior=cloudfront.ResponseCustomHeadersBehavior(
        custom_headers=[
            cloudfront.ResponseCustomHeader(header="X-Amz-Date", value="some-value", override=True),
            cloudfront.ResponseCustomHeader(header="X-Amz-Security-Token", value="some-value", override=False)
        ]
    ),
    security_headers_behavior=cloudfront.ResponseSecurityHeadersBehavior(
        content_security_policy=cloudfront.ResponseHeadersContentSecurityPolicy(
            content_security_policy="default-src https:;", override=True),
        content_type_options=cloudfront.ResponseHeadersContentTypeOptions(override=True),
        frame_options=cloudfront.ResponseHeadersFrameOptions(
            frame_option=cloudfront.HeadersFrameOption.DENY, override=True),
        referrer_policy=cloudfront.ResponseHeadersReferrerPolicy(
            referrer_policy=cloudfront.HeadersReferrerPolicy.NO_REFERRER, override=True),
        strict_transport_security=cloudfront.ResponseHeadersStrictTransportSecurity(
            access_control_max_age=Duration.seconds(600), include_subdomains=True, override=True),
        xss_protection=cloudfront.ResponseHeadersXSSProtection(
            protection=True, mode_block=False, report_uri="https://example.com/csp-report", override=True)
    ),
    # Strip the origin's Server header before the response reaches viewers
    remove_headers=["Server"],
    # Add the Server-Timing header to 50% of responses
    server_timing_sampling_rate=50
)
cloudfront.Distribution(self, "myDistCustomPolicy",
    default_behavior=cloudfront.BehaviorOptions(
        origin=bucket_origin,
        response_headers_policy=my_response_headers_policy
    )
)
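To check what a viewer actually receives under a given policy without deploying it, here is an added, offline Python model (not CDK or CloudFront code) of the override and remove_headers semantics described above; the policy values mirror the page's example, and the merge order and the rendered header values are assumptions stated in the comments.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# (header name, value CloudFront would emit, override flag) -- a stand-in for the CDK props
HeaderSpec = Tuple[str, str, bool]

@dataclass
class PolicyModel:
    custom_headers: List[HeaderSpec] = field(default_factory=list)
    security_headers: List[HeaderSpec] = field(default_factory=list)
    remove_headers: List[str] = field(default_factory=list)

def viewer_headers(origin_headers: Dict[str, str], policy: PolicyModel) -> Dict[str, str]:
    """Assumed model of the merge: remove_headers are dropped from the origin response,
    then each policy header is added; a same-named origin header is replaced only when
    override=True, otherwise the origin's value is kept (names compared
    case-insensitively)."""
    removed = {h.lower() for h in policy.remove_headers}
    result = {k: v for k, v in origin_headers.items() if k.lower() not in removed}
    for name, value, override in policy.custom_headers + policy.security_headers:
        existing = next((k for k in result if k.lower() == name.lower()), None)
        if existing is None:
            result[name] = value
        elif override:
            del result[existing]
            result[name] = value
    return result

def security_headers_without_override(policy: PolicyModel) -> List[str]:
    """Security headers with override=False keep whatever the origin sends, so a
    misconfigured origin can weaken them; return their names for review."""
    return [name for name, _, override in policy.security_headers if not override]

# Constructed to mirror the page's example policy; the rendered values are assumptions.
EXAMPLE_POLICY = PolicyModel(
    custom_headers=[("X-Amz-Date", "some-value", True),
                    ("X-Amz-Security-Token", "some-value", False)],
    security_headers=[
        ("Content-Security-Policy", "default-src https:;", True),
        ("X-Content-Type-Options", "nosniff", True),
        ("X-Frame-Options", "DENY", True),
        ("Referrer-Policy", "no-referrer", True),
        ("Strict-Transport-Security", "max-age=600; includeSubDomains", True),
        ("X-XSS-Protection", "1; report=https://example.com/csp-report", True),
    ],
    remove_headers=["Server"],
)
```

Feed it a constructed origin response and compare the result with the headers you expect viewers to get; any security header reported by `security_headers_without_override` is one the origin can still weaken.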

Attributes

comment

A comment to describe the response headers policy.

Default:
  • no comment

cors_behavior

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).

Default:
  • no cors behavior

custom_headers_behavior

A configuration for a set of custom HTTP response headers.

Default:
  • no custom headers behavior

remove_headers

A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.

Default:
  • no headers are removed

response_headers_policy_name

A unique name to identify the response headers policy.

Default:
  • generated from the id

security_headers_behavior

A configuration for a set of security-related HTTP response headers.

Default:
  • no security headers behavior

server_timing_sampling_rate

The percentage of responses that you want CloudFront to add the Server-Timing header to.

Default:
  • no Server-Timing header is added to HTTP responses