Class ResponseHeadersPolicy

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.cloudfront.ResponseHeadersPolicy
All Implemented Interfaces:
IResource, IResponseHeadersPolicy, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.94.0 (build b380f01)", date="2024-02-23T02:06:29.330Z") @Stability(Stable) public class ResponseHeadersPolicy extends Resource implements IResponseHeadersPolicy
A Response Headers Policy configuration.

Example:

 // Using an existing managed response headers policy
 S3Origin bucketOrigin;
 Distribution.Builder.create(this, "myDistManagedPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS)
                 .build())
         .build();
 // Creating a custom response headers policy -- all parameters optional
 ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy")
         .responseHeadersPolicyName("MyPolicy")
         .comment("A default policy")
         .corsBehavior(ResponseHeadersCorsBehavior.builder()
                 .accessControlAllowCredentials(false)
                 .accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlAllowMethods(List.of("GET", "POST"))
                 .accessControlAllowOrigins(List.of("*"))
                 .accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2"))
                 .accessControlMaxAge(Duration.seconds(600))
                 .originOverride(true)
                 .build())
         .customHeadersBehavior(ResponseCustomHeadersBehavior.builder()
                 .customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build()))
                 .build())
         .securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder()
                 .contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build())
                 .contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build())
                 .frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build())
                 .referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build())
                 .strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build())
                 .xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(true).reportUri("https://example.com/csp-report").override(true).build())
                 .build())
         .removeHeaders(List.of("Server"))
         .serverTimingSamplingRate(50)
         .build();
 Distribution.Builder.create(this, "myDistCustomPolicy")
         .defaultBehavior(BehaviorOptions.builder()
                 .origin(bucketOrigin)
                 .responseHeadersPolicy(myResponseHeadersPolicy)
                 .build())
         .build();
 
  • Field Details

    • CORS_ALLOW_ALL_ORIGINS

      @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS
      Use this managed policy to allow simple CORS requests from any origin.
    • CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS

      @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS
      Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.
    • CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT

      @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
      Use this managed policy to allow CORS requests from any origin, including preflight requests.
    • CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS

      @Stability(Stable) public static final IResponseHeadersPolicy CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS
      Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.
    • SECURITY_HEADERS

      @Stability(Stable) public static final IResponseHeadersPolicy SECURITY_HEADERS
      Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.
  • Constructor Details

    • ResponseHeadersPolicy

      protected ResponseHeadersPolicy(software.amazon.jsii.JsiiObjectRef objRef)
    • ResponseHeadersPolicy

      protected ResponseHeadersPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • ResponseHeadersPolicy

      @Stability(Stable) public ResponseHeadersPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @Nullable ResponseHeadersPolicyProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props -
    • ResponseHeadersPolicy

      @Stability(Stable) public ResponseHeadersPolicy(@NotNull software.constructs.Construct scope, @NotNull String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
  • Method Details

    • fromResponseHeadersPolicyId

      @Stability(Stable) @NotNull public static IResponseHeadersPolicy fromResponseHeadersPolicyId(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String responseHeadersPolicyId)
      Import an existing Response Headers Policy from its ID.

      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      responseHeadersPolicyId - This parameter is required.
    • getResponseHeadersPolicyId

      @Stability(Stable) @NotNull public String getResponseHeadersPolicyId()
      The ID of the response headers policy.
      Specified by:
      getResponseHeadersPolicyId in interface IResponseHeadersPolicy