
Class ResponseSecurityHeadersBehavior

Configuration for a set of security-related HTTP response headers.

Inheritance
object
ResponseSecurityHeadersBehavior
Implements
IResponseSecurityHeadersBehavior
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.AWS.CloudFront
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ResponseSecurityHeadersBehavior : IResponseSecurityHeadersBehavior
Syntax (vb)
Public Class ResponseSecurityHeadersBehavior Implements IResponseSecurityHeadersBehavior
Remarks

CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

ExampleMetadata: infused

Examples
// Using an existing managed response headers policy
             // bucketOrigin is declared without a value; it stands in for an origin created elsewhere in the stack.
             S3Origin bucketOrigin;

             new Distribution(this, "myDistManagedPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     // As its name says, this managed policy allows every origin for CORS.
                     // It is a CORS policy; the security headers shown in the custom policy below are configured separately.
                     ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
                 }
             });

             // Creating a custom response headers policy -- all parameters optional
             var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
                 ResponseHeadersPolicyName = "MyPolicy",
                 Comment = "A default policy",
                 CorsBehavior = new ResponseHeadersCorsBehavior {
                     AccessControlAllowCredentials = false,
                     AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlAllowMethods = new [] { "GET", "POST" },
                     // Wildcard origin: any site may read these responses cross-origin. Suitable for public content only;
                     // list explicit origins for anything user-specific. Browsers reject "*" combined with credentials,
                     // which is why AccessControlAllowCredentials is false above.
                     AccessControlAllowOrigins = new [] { "*" },
                     AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlMaxAge = Duration.Seconds(600),
                     OriginOverride = true
                 },
                 CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
                     // Header names and "some-value" are placeholders. Whatever is set here is sent to every viewer,
                     // so a custom response header must never carry a credential or session token.
                     CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
                 },
                 // In each entry below, Override = true makes CloudFront's value replace the same header received from the origin.
                 SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
                     // "default-src https:" restricts the scheme only: content from any HTTPS host is still allowed.
                     // A production policy normally names the specific sources the site loads from.
                     ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
                     // Emits X-Content-Type-Options: nosniff.
                     ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
                     // DENY forbids rendering the response in any frame (clickjacking defense).
                     FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
                     ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
                     // AccessControlMaxAge here is the HSTS max-age. 600 seconds is an illustrative value: the browser drops the
                     // HTTPS-only pin ten minutes after the last response. Production policies normally use a much longer duration.
                     // IncludeSubdomains = true extends the pin to every subdomain, so all of them must serve HTTPS.
                     StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
                     // X-XSS-Protection is a legacy header that most current browsers no longer act on;
                     // the Content-Security-Policy above is the control to rely on. ReportUri is a placeholder endpoint.
                     XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
                 },
                 // Strips the Server header from responses, so viewers do not see the origin's server banner.
                 RemoveHeaders = new [] { "Server" },
                 // Percentage of responses that get a Server-Timing header; that header exposes CDN timing details to viewers.
                 ServerTimingSamplingRate = 50
             });
             new Distribution(this, "myDistCustomPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = myResponseHeadersPolicy
                 }
             });

Synopsis

Constructors

ResponseSecurityHeadersBehavior()

Configuration for a set of security-related HTTP response headers.

Properties

ContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

ContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

FrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.

ReferrerPolicy

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.

StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.

XssProtection

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.

Constructors

ResponseSecurityHeadersBehavior()

Configuration for a set of security-related HTTP response headers.

public ResponseSecurityHeadersBehavior()
Remarks

CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

ExampleMetadata: infused

Examples
// Using an existing managed response headers policy
             // bucketOrigin is declared without a value; it stands in for an origin created elsewhere in the stack.
             S3Origin bucketOrigin;

             new Distribution(this, "myDistManagedPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     // As its name says, this managed policy allows every origin for CORS.
                     ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
                 }
             });

             // Creating a custom response headers policy -- all parameters optional
             var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
                 ResponseHeadersPolicyName = "MyPolicy",
                 Comment = "A default policy",
                 CorsBehavior = new ResponseHeadersCorsBehavior {
                     AccessControlAllowCredentials = false,
                     AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlAllowMethods = new [] { "GET", "POST" },
                     // Wildcard origin: any site may read these responses cross-origin. Use explicit origins
                     // for anything that is not public content.
                     AccessControlAllowOrigins = new [] { "*" },
                     AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlMaxAge = Duration.Seconds(600),
                     OriginOverride = true
                 },
                 CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
                     // Placeholder names and values. Custom response headers reach every viewer, so they must not hold secrets.
                     CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
                 },
                 // Override = true on an entry makes CloudFront's value replace the same header received from the origin.
                 SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
                     // "default-src https:" limits the scheme, not the host: any HTTPS source is still allowed.
                     ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
                     // Emits X-Content-Type-Options: nosniff.
                     ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
                     // DENY forbids rendering the response in any frame.
                     FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
                     ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
                     // AccessControlMaxAge is the HSTS max-age; 600 seconds is a short illustrative value, and production
                     // policies normally use a much longer one. IncludeSubdomains requires every subdomain to serve HTTPS.
                     StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
                     // Legacy header that most current browsers no longer act on; rely on Content-Security-Policy instead.
                     XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
                 },
                 // Strips the Server header from responses, so viewers do not see the origin's server banner.
                 RemoveHeaders = new [] { "Server" },
                 // Percentage of responses that get a Server-Timing header.
                 ServerTimingSamplingRate = 50
             });
             new Distribution(this, "myDistCustomPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = myResponseHeadersPolicy
                 }
             });

Properties

ContentSecurityPolicy

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

public IResponseHeadersContentSecurityPolicy? ContentSecurityPolicy { get; set; }
Property Value

IResponseHeadersContentSecurityPolicy

Remarks

Default: - no content security policy

ContentTypeOptions

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

public IResponseHeadersContentTypeOptions? ContentTypeOptions { get; set; }
Property Value

IResponseHeadersContentTypeOptions

Remarks

Default: - no content type options

FrameOptions

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.

public IResponseHeadersFrameOptions? FrameOptions { get; set; }
Property Value

IResponseHeadersFrameOptions

Remarks

Default: - no frame options

ReferrerPolicy

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.

public IResponseHeadersReferrerPolicy? ReferrerPolicy { get; set; }
Property Value

IResponseHeadersReferrerPolicy

Remarks

Default: - no referrer policy

StrictTransportSecurity

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.

public IResponseHeadersStrictTransportSecurity? StrictTransportSecurity { get; set; }
Property Value

IResponseHeadersStrictTransportSecurity

Remarks

Default: - no strict transport security

XssProtection

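Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. Most current browsers no longer act on this header, so treat it as a legacy setting and use ContentSecurityPolicy as the defense against script injection.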

public IResponseHeadersXSSProtection? XssProtection { get; set; }
Property Value

IResponseHeadersXSSProtection

Remarks

Default: - no xss protection

Implements

IResponseSecurityHeadersBehavior