ResponseSecurityHeadersBehavior
- class aws_cdk.aws_cloudfront.ResponseSecurityHeadersBehavior(*, content_security_policy=None, content_type_options=None, frame_options=None, referrer_policy=None, strict_transport_security=None, xss_protection=None)
Bases:
object
Configuration for a set of security-related HTTP response headers.
CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
- Parameters:
  - content_security_policy (Union[ResponseHeadersContentSecurityPolicy, Dict[str, Any], None]) – The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. Default: no content security policy
  - content_type_options (Union[ResponseHeadersContentTypeOptions, Dict[str, Any], None]) – Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. Default: no content type options
  - frame_options (Union[ResponseHeadersFrameOptions, Dict[str, Any], None]) – Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. Default: no frame options
  - referrer_policy (Union[ResponseHeadersReferrerPolicy, Dict[str, Any], None]) – Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. Default: no referrer policy
  - strict_transport_security (Union[ResponseHeadersStrictTransportSecurity, Dict[str, Any], None]) – Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. Default: no strict transport security
  - xss_protection (Union[ResponseHeadersXSSProtection, Dict[str, Any], None]) – Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. Default: no xss protection
Example:

```python
# Imports assumed by the snippet; `self` is the Stack or Construct the
# distribution is created in, and bucket_origin is declared elsewhere.
from aws_cdk import Duration
import aws_cdk.aws_cloudfront as cloudfront
import aws_cdk.aws_cloudfront_origins as origins

# Using an existing managed response headers policy
# bucket_origin: origins.S3Origin

cloudfront.Distribution(self, "myDistManagedPolicy",
    default_behavior=cloudfront.BehaviorOptions(
        origin=bucket_origin,
        response_headers_policy=cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
    )
)

# Creating a custom response headers policy -- all parameters optional
my_response_headers_policy = cloudfront.ResponseHeadersPolicy(self, "ResponseHeadersPolicy",
    response_headers_policy_name="MyPolicy",
    comment="A default policy",
    cors_behavior=cloudfront.ResponseHeadersCorsBehavior(
        access_control_allow_credentials=False,
        access_control_allow_headers=["X-Custom-Header-1", "X-Custom-Header-2"],
        access_control_allow_methods=["GET", "POST"],
        access_control_allow_origins=["*"],
        access_control_expose_headers=["X-Custom-Header-1", "X-Custom-Header-2"],
        access_control_max_age=Duration.seconds(600),
        origin_override=True
    ),
    custom_headers_behavior=cloudfront.ResponseCustomHeadersBehavior(
        custom_headers=[
            cloudfront.ResponseCustomHeader(header="X-Amz-Date", value="some-value", override=True),
            cloudfront.ResponseCustomHeader(header="X-Amz-Security-Token", value="some-value", override=False)
        ]
    ),
    # Each struct's `override` flag decides whether the policy value replaces a
    # header the origin already sent (True) or is only added when absent (False).
    security_headers_behavior=cloudfront.ResponseSecurityHeadersBehavior(
        # "default-src https:;" is a demo directive: it permits any HTTPS source.
        content_security_policy=cloudfront.ResponseHeadersContentSecurityPolicy(content_security_policy="default-src https:;", override=True),
        content_type_options=cloudfront.ResponseHeadersContentTypeOptions(override=True),
        frame_options=cloudfront.ResponseHeadersFrameOptions(frame_option=cloudfront.HeadersFrameOption.DENY, override=True),
        referrer_policy=cloudfront.ResponseHeadersReferrerPolicy(referrer_policy=cloudfront.HeadersReferrerPolicy.NO_REFERRER, override=True),
        # 600 seconds is a demo max-age; production HSTS values are normally a year or more.
        strict_transport_security=cloudfront.ResponseHeadersStrictTransportSecurity(access_control_max_age=Duration.seconds(600), include_subdomains=True, override=True),
        # The CloudFront API reference documents report_uri as not combinable
        # with mode_block=True; choose one of the two for a real policy.
        xss_protection=cloudfront.ResponseHeadersXSSProtection(protection=True, mode_block=True, report_uri="https://example.com/csp-report", override=True)
    )
)

cloudfront.Distribution(self, "myDistCustomPolicy",
    default_behavior=cloudfront.BehaviorOptions(
        origin=bucket_origin,
        response_headers_policy=my_response_headers_policy
    )
)
```
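The `override` flag on each header struct decides whether the policy value replaces a header the origin already sent or only fills it in when the origin omitted it. The following is an added example, not CDK or CloudFront code: it simulates that merge on a constructed origin response and then audits what the viewer would receive. `POLICY_HEADERS` is a hypothetical plain-dict rendering of the security headers configured above, `ORIGIN_RESPONSE` is constructed sample data, and the audit thresholds (one-year HSTS, `includeSubDomains` required) are this example's own choices.

```python
"""Simulate how a CloudFront response headers policy lands on an origin
response and audit the viewer-facing result.

Added example, not CDK or CloudFront code. POLICY_HEADERS is a hypothetical
plain-dict rendering of the security_headers_behavior configured in the
page's example; ORIGIN_RESPONSE is constructed sample data.
"""
import re

ONE_YEAR = 31536000  # HSTS max-age threshold used by this example's audit

# header name -> (value CloudFront sends, override flag), mirroring the
# security_headers_behavior above (report_uri omitted for brevity).
POLICY_HEADERS = {
    "Content-Security-Policy": ("default-src https:;", True),
    "X-Content-Type-Options": ("nosniff", True),
    "X-Frame-Options": ("DENY", True),
    "Referrer-Policy": ("no-referrer", True),
    "Strict-Transport-Security": ("max-age=600; includeSubDomains", True),
    "X-XSS-Protection": ("1; mode=block", True),
}

# Constructed origin response: the origin already sends a stricter HSTS
# header than the policy, and a weaker X-Frame-Options.
ORIGIN_RESPONSE = {
    "content-type": "text/html; charset=utf-8",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
}


def apply_policy(origin_headers, policy):
    """Return the headers the viewer receives after the policy is applied.

    override=True: the policy value replaces whatever the origin sent.
    override=False: an origin header is kept; the policy value is only
    added when the origin did not send that header. Names compare
    case-insensitively, as HTTP header names do.
    """
    result = dict(origin_headers)
    by_lower = {name.lower(): name for name in result}
    for name, (value, override) in policy.items():
        existing = by_lower.get(name.lower())
        if existing is None:
            result[name] = value
            by_lower[name.lower()] = name
        elif override:
            result[existing] = value
    return result


def audit_security_headers(headers):
    """Return a list of findings; an empty list means the response passed.

    Thresholds (one-year HSTS, includeSubDomains required) are this
    example's choices, not CDK or CloudFront defaults.
    """
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    if "content-security-policy" not in h:
        findings.append("missing Content-Security-Policy")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or permissive")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if m is None or int(m.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("Strict-Transport-Security lacks includeSubDomains")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")
    return findings


def with_override(policy, override):
    """Copy of a policy with every header's override flag set to `override`."""
    return {name: (value, override) for name, (value, _) in policy.items()}


if __name__ == "__main__":
    for flag in (True, False):
        viewer = apply_policy(ORIGIN_RESPONSE, with_override(POLICY_HEADERS, flag))
        print(f"override={flag}: X-Frame-Options={viewer['X-Frame-Options']!r}, "
              f"findings={audit_security_headers(viewer)}")
```

Running it shows the trade-off the flag encodes: with `override=True` the policy's `DENY` wins over the origin's `SAMEORIGIN`, but its 600-second HSTS value also replaces the origin's one-year header, so the audit flags the downgrade; with `override=False` the origin's stronger HSTS survives but so does its more permissive frame option. Set `override=True` on the headers you want enforced at the edge, and give them the strongest values you intend to serve.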
Attributes
- content_security_policy
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
- Default:
no content security policy
- content_type_options
Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
- Default:
no content type options
- frame_options
Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.
- Default:
no frame options
- referrer_policy
Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.
- Default:
no referrer policy
- strict_transport_security
Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.
- Default:
no strict transport security
- xss_protection
Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. Chromium-based browsers no longer act on this header (the XSS Auditor was removed) and Firefox never implemented it, so it only affects legacy clients; use content_security_policy as the primary defence against script injection.
- Default:
no xss protection