interface ResponseHeadersContentSecurityPolicy
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.CloudFront.ResponseHeadersContentSecurityPolicy |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseHeadersContentSecurityPolicy |
 Java | software.amazon.awscdk.services.cloudfront.ResponseHeadersContentSecurityPolicy |
 Python | aws_cdk.aws_cloudfront.ResponseHeadersContentSecurityPolicy |
 TypeScript (source) | aws-cdk-lib » aws_cloudfront » ResponseHeadersContentSecurityPolicy |
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
Example
// Using an existing managed response headers policy
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
defaultBehavior: {
origin: bucketOrigin,
responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
},
});
// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
responseHeadersPolicyName: 'MyPolicy',
comment: 'A default policy',
corsBehavior: {
accessControlAllowCredentials: false,
accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
accessControlAllowMethods: ['GET', 'POST'],
accessControlAllowOrigins: ['*'],
accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
accessControlMaxAge: Duration.seconds(600),
originOverride: true,
},
customHeadersBehavior: {
customHeaders: [
{ header: 'X-Amz-Date', value: 'some-value', override: true },
{ header: 'X-Amz-Security-Token', value: 'some-value', override: false },
],
},
securityHeadersBehavior: {
contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
contentTypeOptions: { override: true },
frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
},
removeHeaders: ['Server'],
serverTimingSamplingRate: 50,
});
new cloudfront.Distribution(this, 'myDistCustomPolicy', {
defaultBehavior: {
origin: bucketOrigin,
responseHeadersPolicy: myResponseHeadersPolicy,
},
});
Properties
| Name | Type | Description |
|---|---|---|
| content | string | The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. |
| override | boolean | A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy. |
contentSecurityPolicy
Type:
string
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
override
Type:
boolean
A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.