How to add headers to CloudFront response?


Problem description

I use https://observatory.mozilla.org/analyze and I got an F score.

The reasons are:

Content Security Policy (CSP) header not implemented
X-XSS-Protection header not implemented 
X-Frame-Options (XFO) header not implemented    
...

I serve my website using CloudFront.

Where do I put those missing headers in CloudFront?

Solution

I would recommend using Lambda@Edge to append any headers that you're looking for to your origin response before it is returned to the viewer.

It can be done as simply as the below example when added as an Origin Response event.

 def lambda_handler(event, context):
     # Origin Response event: the response CloudFront received from the origin
     response = event["Records"][0]["cf"]["response"]
     headers = response["headers"]
 
     # Each entry is keyed by the lowercase header name and holds a list of
     # {'key': ..., 'value': ...} dicts (the keys must be quoted strings in Python)
     headers['strict-transport-security'] = [{'key': 'Strict-Transport-Security', 'value': 'max-age=63072000; includeSubdomains; preload'}]
     headers['content-security-policy'] = [{'key': 'Content-Security-Policy', 'value': "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'"}]
     headers['x-content-type-options'] = [{'key': 'X-Content-Type-Options', 'value': 'nosniff'}]
     headers['x-frame-options'] = [{'key': 'X-Frame-Options', 'value': 'DENY'}]
     headers['x-xss-protection'] = [{'key': 'X-XSS-Protection', 'value': '1; mode=block'}]
     headers['referrer-policy'] = [{'key': 'Referrer-Policy', 'value': 'same-origin'}]
 
     response['headers'] = headers
 
     # Returning the modified response sends it on to the viewer
     return response

For more information take a look at the Adding HTTP Security Headers Using Lambda@Edge and Amazon CloudFront blog post.
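
A variant of the handler above that adds each header only when the origin has not already set it, with a constructed origin-response event so the result can be checked locally before deployment. This is an added example, not part of the original answer; `missing_security_headers`, `sample_event` and the event contents are assumptions made for illustration.

```python
# Added example: header values are copied from the answer above; the event
# below is constructed for local testing and is not real CloudFront output.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubdomains; preload",
    "Content-Security-Policy": "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "X-XSS-Protection": "1; mode=block",
    "Referrer-Policy": "same-origin",
}


def missing_security_headers(response):
    """Return the names from SECURITY_HEADERS that the response lacks."""
    present = response.get("headers", {})
    # CloudFront keys the headers dict by the lowercased header name.
    return [name for name in SECURITY_HEADERS if name.lower() not in present]


def lambda_handler(event, context):
    """Origin Response handler: add each header only if the origin omitted it."""
    response = event["Records"][0]["cf"]["response"]
    headers = response.setdefault("headers", {})
    for name in missing_security_headers(response):
        headers[name.lower()] = [{"key": name, "value": SECURITY_HEADERS[name]}]
    return response


def sample_event():
    """Constructed origin-response event whose origin already sets a CSP."""
    return {"Records": [{"cf": {"response": {
        "status": "200",
        "statusDescription": "OK",
        "headers": {
            "content-type": [{"key": "Content-Type", "value": "text/html"}],
            "content-security-policy": [{"key": "Content-Security-Policy",
                                         "value": "default-src 'self'"}],
        },
    }}}]}


if __name__ == "__main__":
    before = sample_event()["Records"][0]["cf"]["response"]
    print("missing before:", missing_security_headers(before))
    after = lambda_handler(sample_event(), None)
    print("missing after:", missing_security_headers(after))
    print("CSP kept from origin:", after["headers"]["content-security-policy"][0]["value"])
```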
