UpdateResponseHeadersPolicy
Updates a response headers policy.
When you update a response headers policy, the entire policy is replaced. You cannot update some policy fields independent of others. To update a response headers policy configuration:
-
Use
GetResponseHeadersPolicyConfigto get the current policy's configuration. -
Modify the fields in the response headers policy configuration that you want to update.
-
Call
UpdateResponseHeadersPolicy, providing the entire response headers policy configuration, including the fields that you modified and those that you didn't.
Request Syntax
PUT /2020-05-31/response-headers-policy/Id HTTP/1.1
<?xml version="1.0" encoding="UTF-8"?>
<ResponseHeadersPolicyConfig xmlns="http://cloudfront.amazonaws.com/doc/2020-05-31/">
<Comment>string</Comment>
<CorsConfig>
<AccessControlAllowCredentials>boolean</AccessControlAllowCredentials>
<AccessControlAllowHeaders>
<Items>
<Header>string</Header>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowHeaders>
<AccessControlAllowMethods>
<Items>
<Method>string</Method>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowMethods>
<AccessControlAllowOrigins>
<Items>
<Origin>string</Origin>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowOrigins>
<AccessControlExposeHeaders>
<Items>
<Header>string</Header>
</Items>
<Quantity>integer</Quantity>
</AccessControlExposeHeaders>
<AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec>
<OriginOverride>boolean</OriginOverride>
</CorsConfig>
<CustomHeadersConfig>
<Items>
<ResponseHeadersPolicyCustomHeader>
<Header>string</Header>
<Override>boolean</Override>
<Value>string</Value>
</ResponseHeadersPolicyCustomHeader>
</Items>
<Quantity>integer</Quantity>
</CustomHeadersConfig>
<Name>string</Name>
<RemoveHeadersConfig>
<Items>
<ResponseHeadersPolicyRemoveHeader>
<Header>string</Header>
</ResponseHeadersPolicyRemoveHeader>
</Items>
<Quantity>integer</Quantity>
</RemoveHeadersConfig>
<SecurityHeadersConfig>
<ContentSecurityPolicy>
<ContentSecurityPolicy>string</ContentSecurityPolicy>
<Override>boolean</Override>
</ContentSecurityPolicy>
<ContentTypeOptions>
<Override>boolean</Override>
</ContentTypeOptions>
<FrameOptions>
<FrameOption>string</FrameOption>
<Override>boolean</Override>
</FrameOptions>
<ReferrerPolicy>
<Override>boolean</Override>
<ReferrerPolicy>string</ReferrerPolicy>
</ReferrerPolicy>
<StrictTransportSecurity>
<AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec>
<IncludeSubdomains>boolean</IncludeSubdomains>
<Override>boolean</Override>
<Preload>boolean</Preload>
</StrictTransportSecurity>
<XSSProtection>
<ModeBlock>boolean</ModeBlock>
<Override>boolean</Override>
<Protection>boolean</Protection>
<ReportUri>string</ReportUri>
</XSSProtection>
</SecurityHeadersConfig>
<ServerTimingHeadersConfig>
<Enabled>boolean</Enabled>
<SamplingRate>double</SamplingRate>
</ServerTimingHeadersConfig>
</ResponseHeadersPolicyConfig>URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in XML format.
- ResponseHeadersPolicyConfig
-
Root level tag for the ResponseHeadersPolicyConfig parameters.
Required: Yes
- Comment
-
A comment to describe the response headers policy.
The comment cannot be longer than 128 characters.
Type: String
Required: No
- CorsConfig
-
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
Type: ResponseHeadersPolicyCorsConfig object
Required: No
- CustomHeadersConfig
-
A configuration for a set of custom HTTP response headers.
Type: ResponseHeadersPolicyCustomHeadersConfig object
Required: No
- Name
-
A name to identify the response headers policy.
The name must be unique for response headers policies in this AWS account.
Type: String
Required: Yes
- RemoveHeadersConfig
-
A configuration for a set of HTTP headers to remove from the HTTP response.
Type: ResponseHeadersPolicyRemoveHeadersConfig object
Required: No
- SecurityHeadersConfig
-
A configuration for a set of security-related HTTP response headers.
Type: ResponseHeadersPolicySecurityHeadersConfig object
Required: No
- ServerTimingHeadersConfig
-
A configuration for enabling the
Server-Timingheader in HTTP responses sent from CloudFront.Type: ResponseHeadersPolicyServerTimingHeadersConfig object
Required: No
Response Syntax
HTTP/1.1 200
<?xml version="1.0" encoding="UTF-8"?>
<ResponseHeadersPolicy>
<Id>string</Id>
<LastModifiedTime>timestamp</LastModifiedTime>
<ResponseHeadersPolicyConfig>
<Comment>string</Comment>
<CorsConfig>
<AccessControlAllowCredentials>boolean</AccessControlAllowCredentials>
<AccessControlAllowHeaders>
<Items>
<Header>string</Header>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowHeaders>
<AccessControlAllowMethods>
<Items>
<Method>string</Method>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowMethods>
<AccessControlAllowOrigins>
<Items>
<Origin>string</Origin>
</Items>
<Quantity>integer</Quantity>
</AccessControlAllowOrigins>
<AccessControlExposeHeaders>
<Items>
<Header>string</Header>
</Items>
<Quantity>integer</Quantity>
</AccessControlExposeHeaders>
<AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec>
<OriginOverride>boolean</OriginOverride>
</CorsConfig>
<CustomHeadersConfig>
<Items>
<ResponseHeadersPolicyCustomHeader>
<Header>string</Header>
<Override>boolean</Override>
<Value>string</Value>
</ResponseHeadersPolicyCustomHeader>
</Items>
<Quantity>integer</Quantity>
</CustomHeadersConfig>
<Name>string</Name>
<RemoveHeadersConfig>
<Items>
<ResponseHeadersPolicyRemoveHeader>
<Header>string</Header>
</ResponseHeadersPolicyRemoveHeader>
</Items>
<Quantity>integer</Quantity>
</RemoveHeadersConfig>
<SecurityHeadersConfig>
<ContentSecurityPolicy>
<ContentSecurityPolicy>string</ContentSecurityPolicy>
<Override>boolean</Override>
</ContentSecurityPolicy>
<ContentTypeOptions>
<Override>boolean</Override>
</ContentTypeOptions>
<FrameOptions>
<FrameOption>string</FrameOption>
<Override>boolean</Override>
</FrameOptions>
<ReferrerPolicy>
<Override>boolean</Override>
<ReferrerPolicy>string</ReferrerPolicy>
</ReferrerPolicy>
<StrictTransportSecurity>
<AccessControlMaxAgeSec>integer</AccessControlMaxAgeSec>
<IncludeSubdomains>boolean</IncludeSubdomains>
<Override>boolean</Override>
<Preload>boolean</Preload>
</StrictTransportSecurity>
<XSSProtection>
<ModeBlock>boolean</ModeBlock>
<Override>boolean</Override>
<Protection>boolean</Protection>
<ReportUri>string</ReportUri>
</XSSProtection>
</SecurityHeadersConfig>
<ServerTimingHeadersConfig>
<Enabled>boolean</Enabled>
<SamplingRate>double</SamplingRate>
</ServerTimingHeadersConfig>
</ResponseHeadersPolicyConfig>
</ResponseHeadersPolicy>Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in XML format by the service.
- ResponseHeadersPolicy
-
Root level tag for the ResponseHeadersPolicy parameters.
Required: Yes
- Id
-
The identifier for the response headers policy.
Type: String
- LastModifiedTime
-
The date and time when the response headers policy was last modified.
Type: Timestamp
- ResponseHeadersPolicyConfig
-
A response headers policy configuration.
Type: ResponseHeadersPolicyConfig object
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDenied
-
Access denied.
HTTP Status Code: 403
- IllegalUpdate
-
The update contains modifications that are not allowed.
HTTP Status Code: 400
- InconsistentQuantities
-
The value of
Quantityand the size ofItemsdon't match.HTTP Status Code: 400
- InvalidArgument
-
An argument is invalid.
HTTP Status Code: 400
- InvalidIfMatchVersion
-
The
If-Matchversion is missing or not valid.HTTP Status Code: 400
- NoSuchResponseHeadersPolicy
-
The response headers policy does not exist.
HTTP Status Code: 404
- PreconditionFailed
-
The precondition in one or more of the request fields evaluated to
false.HTTP Status Code: 412
- ResponseHeadersPolicyAlreadyExists
-
A response headers policy with this name already exists. You must provide a unique name. To modify an existing response headers policy, use
UpdateResponseHeadersPolicy.HTTP Status Code: 409
- TooLongCSPInResponseHeadersPolicy
-
The length of the
Content-Security-Policyheader value in the response headers policy exceeds the maximum.For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.
HTTP Status Code: 400
- TooManyCustomHeadersInResponseHeadersPolicy
-
The number of custom headers in the response headers policy exceeds the maximum.
For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.
HTTP Status Code: 400
- TooManyRemoveHeadersInResponseHeadersPolicy
-
The number of headers in
RemoveHeadersConfigin the response headers policy exceeds the maximum.For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
