Package software.amazon.awscdk.services.cloudfront

Interface ResponseHeadersXSSProtection

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

ResponseHeadersXSSProtection.Jsii$Proxy

@Generated(value="jsii-pacmak/1.98.0 (build 00b106d)",
           date="2024-05-02T15:58:22.557Z")
@Stability(Stable)
public interface ResponseHeadersXSSProtection
extends software.amazon.jsii.JsiiSerializable

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.

Example:

 // Using an existing managed response headers policy
 S3Origin bucketOrigin;
 Distribution.Builder.create(this, "myDistManagedPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS)
                 .build())
         .build();
 // Creating a custom response headers policy -- all parameters optional
 ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy")
         .responseHeadersPolicyName("MyPolicy")
         .comment("A default policy")
         .corsBehavior(ResponseHeadersCorsBehavior.builder()
                 .accessControlAllowCredentials(false)
                 .accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlAllowMethods(List.of("GET", "POST"))
                 .accessControlAllowOrigins(List.of("*"))
                 .accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlMaxAge(Duration.seconds(600))
                 .originOverride(true)
                 .build())
         .customHeadersBehavior(ResponseCustomHeadersBehavior.builder()
                 .customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build()))
                 .build())
         .securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder()
                 .contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build())
                 .contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build())
                 .frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build())
                 .referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build())
                 .strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build())
                 .xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(true).reportUri("https://example.com/csp-report").override(true).build())
                 .build())
         .removeHeaders(List.of("Server"))
         .serverTimingSamplingRate(50)
         .build();
 Distribution.Builder.create(this, "myDistCustomPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(myResponseHeadersPolicy)
                 .build())
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	ResponseHeadersXSSProtection.Builder	A builder for ResponseHeadersXSSProtection
static final class	ResponseHeadersXSSProtection.Jsii$Proxy	An implementation for ResponseHeadersXSSProtection

Method Summary

Modifier and Type	Method	Description
static ResponseHeadersXSSProtection.Builder	builder()
default Boolean	getModeBlock()	A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
Boolean	getOverride()	A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
Boolean	getProtection()	A Boolean that determines the value of the X-XSS-Protection HTTP response header.
default String	getReportUri()	A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getOverride

@Stability(Stable)
@NotNull
Boolean getOverride()

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

getProtection

@Stability(Stable)
@NotNull
Boolean getProtection()

A Boolean that determines the value of the X-XSS-Protection HTTP response header.

When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

getModeBlock

@Stability(Stable)
@Nullable
default Boolean getModeBlock()

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.

Default: false

getReportUri

@Stability(Stable)
@Nullable
default String getReportUri()

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.

You cannot specify a ReportUri when ModeBlock is true.

Default: - no report uri

builder

@Stability(Stable)
static ResponseHeadersXSSProtection.Builder builder()

Returns:

a ResponseHeadersXSSProtection.Builder of ResponseHeadersXSSProtection