@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
date="2023-01-31T18:36:57.150Z")
public interface ResponseHeadersXSSProtection
Example:
// Using an existing managed response headers policy
S3Origin bucketOrigin;
Distribution.Builder.create(this, "myDistManagedPolicy")
.defaultBehavior(BehaviorOptions.builder()
.origin(bucketOrigin)
.responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS)
.build())
.build();
// Creating a custom response headers policy -- all parameters optional
ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy")
.responseHeadersPolicyName("MyPolicy")
.comment("A default policy")
.corsBehavior(ResponseHeadersCorsBehavior.builder()
.accessControlAllowCredentials(false)
.accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
.accessControlAllowMethods(List.of("GET", "POST"))
.accessControlAllowOrigins(List.of("*"))
.accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
.accessControlMaxAge(Duration.seconds(600))
.originOverride(true)
.build())
.customHeadersBehavior(ResponseCustomHeadersBehavior.builder()
.customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build()))
.build())
.securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder()
.contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build())
.contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build())
.frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build())
.referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build())
.strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build())
.xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(true).reportUri("https://example.com/csp-report").override(true).build())
.build())
.build();
Distribution.Builder.create(this, "myDistCustomPolicy")
.defaultBehavior(BehaviorOptions.builder()
.origin(bucketOrigin)
.responseHeadersPolicy(myResponseHeadersPolicy)
.build())
.build();
| Modifier and Type | Interface and Description |
|---|---|
static class |
ResponseHeadersXSSProtection.Builder
A builder for
ResponseHeadersXSSProtection |
static class |
ResponseHeadersXSSProtection.Jsii$Proxy
An implementation for
ResponseHeadersXSSProtection |
| Modifier and Type | Method and Description |
|---|---|
static ResponseHeadersXSSProtection.Builder |
builder() |
default java.lang.Boolean |
getModeBlock()
A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
|
java.lang.Boolean |
getOverride()
A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
|
java.lang.Boolean |
getProtection()
A Boolean that determines the value of the X-XSS-Protection HTTP response header.
|
default java.lang.String |
getReportUri()
A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.
|
java.lang.Boolean getOverride()
java.lang.Boolean getProtection()
When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.
default java.lang.Boolean getModeBlock()
Default: false
default java.lang.String getReportUri()
You cannot specify a ReportUri when ModeBlock is true.
Default: - no report uri
static ResponseHeadersXSSProtection.Builder builder()