Move from Cloudfront functions to Response headers for security #129
Labels
enhancement
New feature or request
Comments
|
Wow that's super cool! I completely missed that. Let's revisit when CDK support is in! |
|
@mnapoli Any update on this? Support seems to be available: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseSecurityHeadersBehavior.html |
|
@MarcErdmann as you can see in this page, there was no comment saying this is implemented :) So there is no update on this. Feel free to start working on it 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
AWS announced today support for Response headers with a built-in preset for adding security headers.
https://aws.amazon.com/fr/about-aws/whats-new/2021/11/amazon-cloudfront-supports-cors-security-custom-http-response-headers/
I think it could replace the response cloudfront function and save on the extra cost.
Unfortunatly, Cloudformation (and so CDK) support is not there yet, so I'm opening this to gather feedback and hopefully not forget about it 😅
There's also the option to add CORS headers on the distribution which may be useful for the server side website and even custom fixed value headers (no use case yet from my POV).
EDIT: more detailed article here https://aws.amazon.com/fr/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-response-headers-policies/
The text was updated successfully, but these errors were encountered: