class ResponseHeadersPolicy (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.CloudFront.ResponseHeadersPolicy |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseHeadersPolicy |
Java | software.amazon.awscdk.services.cloudfront.ResponseHeadersPolicy |
Python | aws_cdk.aws_cloudfront.ResponseHeadersPolicy |
TypeScript (source) | aws-cdk-lib » aws_cloudfront » ResponseHeadersPolicy |
Implements
IConstruct, IDependable, IResource, IResponseHeadersPolicy
A Response Headers Policy configuration.
Example
```ts
import { Duration } from 'aws-cdk-lib';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// Using an existing managed response headers policy
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
  },
});

// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
  responseHeadersPolicyName: 'MyPolicy',
  comment: 'A default policy',
  // CORS headers; originOverride: true replaces CORS headers sent by the origin
  corsBehavior: {
    accessControlAllowCredentials: false,
    accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlAllowMethods: ['GET', 'POST'],
    accessControlAllowOrigins: ['*'],
    accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlMaxAge: Duration.seconds(600),
    originOverride: true,
  },
  // Custom headers added to every response
  customHeadersBehavior: {
    customHeaders: [
      { header: 'X-Amz-Date', value: 'some-value', override: true },
      { header: 'X-Amz-Security-Token', value: 'some-value', override: false },
    ],
  },
  // Security headers; override: true replaces the same header sent by the origin
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
    referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
    strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
    xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
  },
  // Headers CloudFront strips before the response reaches the viewer
  removeHeaders: ['Server'],
  serverTimingSamplingRate: 50,
});

new cloudfront.Distribution(this, 'myDistCustomPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: myResponseHeadersPolicy,
  },
});
```
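A review check for the settings shown in the example above, as an added example that is not part of the CDK documentation or of aws-cdk-lib. It audits a plain-object mirror of the props; the `PolicyCfg` types, `auditPolicy`, `maxAgeSeconds` and the one-year HSTS threshold are assumptions made for illustration.

```typescript
// Added example, not aws-cdk-lib code: a plain-object mirror of the props on this
// page (hypothetical types; maxAgeSeconds is a number standing in for a Duration).
type HeaderCfg = { override: boolean };
interface SecurityCfg {
  contentSecurityPolicy?: HeaderCfg & { contentSecurityPolicy: string };
  contentTypeOptions?: HeaderCfg;
  frameOptions?: HeaderCfg & { frameOption: string };
  strictTransportSecurity?: HeaderCfg & { maxAgeSeconds: number };
}
interface PolicyCfg {
  corsBehavior?: { accessControlAllowCredentials: boolean; accessControlAllowOrigins: string[] };
  securityHeadersBehavior?: SecurityCfg;
}
// Assumed baseline (one year); substitute the value your own standard requires.
const MIN_HSTS_SECONDS = 31536000;

function auditPolicy(p: PolicyCfg): string[] {
  const findings: string[] = [];
  const cors = p.corsBehavior;
  if (cors && cors.accessControlAllowOrigins.indexOf('*') !== -1) {
    // Browsers reject credentialed responses whose allowed origin is the wildcard.
    findings.push(cors.accessControlAllowCredentials
      ? 'cors: wildcard origin with credentials enabled'
      : 'cors: wildcard origin, suitable only for public unauthenticated content');
  }
  const sec: SecurityCfg = p.securityHeadersBehavior || {};
  const keys: (keyof SecurityCfg)[] = ['contentSecurityPolicy', 'contentTypeOptions',
    'frameOptions', 'strictTransportSecurity'];
  for (const key of keys) {
    const h = sec[key];
    if (!h) findings.push(`security: ${key} not set`);
    // override: false lets a header sent by the origin win over the policy value.
    else if (!h.override) findings.push(`security: ${key} can be replaced by the origin`);
  }
  const hsts = sec.strictTransportSecurity;
  if (hsts && hsts.maxAgeSeconds < MIN_HSTS_SECONDS) {
    findings.push(`security: HSTS max-age ${hsts.maxAgeSeconds}s is below ${MIN_HSTS_SECONDS}s`);
  }
  return findings;
}
// Constructed input: the security-relevant values from the example above.
const pageExample: PolicyCfg = {
  corsBehavior: { accessControlAllowCredentials: false, accessControlAllowOrigins: ['*'] },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: 'DENY', override: true },
    strictTransportSecurity: { maxAgeSeconds: 600, override: true },
  },
};
const pageFindings: string[] = auditPolicy(pageExample);
```

Run against the example's values, the check reports the wildcard origin and the 600-second HSTS max-age; listing explicit origins and raising the max-age clears both findings.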
Initializer
new ResponseHeadersPolicy(scope: Construct, id: string, props?: ResponseHeadersPolicyProps)
Parameters
- scope: Construct
- id: string
- props: ResponseHeadersPolicyProps
Construct Props
Name | Type | Description |
---|---|---|
comment? | string | A comment to describe the response headers policy. |
corsBehavior? | ResponseHeadersCorsBehavior | A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
customHeadersBehavior? | ResponseCustomHeadersBehavior | A configuration for a set of custom HTTP response headers. |
removeHeaders? | string[] | A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers. |
responseHeadersPolicyName? | string | A unique name to identify the response headers policy. |
securityHeadersBehavior? | ResponseSecurityHeadersBehavior | A configuration for a set of security-related HTTP response headers. |
serverTimingSamplingRate? | number | The percentage of responses that you want CloudFront to add the Server-Timing header to. |
comment?
Type: string (optional, default: no comment)
A comment to describe the response headers policy.
corsBehavior?
Type: ResponseHeadersCorsBehavior (optional, default: no cors behavior)
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
customHeadersBehavior?
Type: ResponseCustomHeadersBehavior (optional, default: no custom headers behavior)
A configuration for a set of custom HTTP response headers.
removeHeaders?
Type: string[] (optional, default: no headers are removed)
A list of HTTP response headers that CloudFront removes from HTTP responses that it sends to viewers.
responseHeadersPolicyName?
Type: string (optional, default: generated from the id)
A unique name to identify the response headers policy.
securityHeadersBehavior?
Type: ResponseSecurityHeadersBehavior (optional, default: no security headers behavior)
A configuration for a set of security-related HTTP response headers.
serverTimingSamplingRate?
Type: number (optional, default: no Server-Timing header is added to HTTP responses)
The percentage of responses that you want CloudFront to add the Server-Timing header to.
Properties
Name | Type | Description |
---|---|---|
env | ResourceEnvironment | The environment this resource belongs to. |
node | Node | The tree node. |
responseHeadersPolicyId | string | The ID of the response headers policy. |
stack | Stack | The stack in which this resource is defined. |
static CORS_ALLOW_ALL_ORIGINS | IResponseHeadersPolicy | Use this managed policy to allow simple CORS requests from any origin. |
static CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers. |
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT | IResponseHeadersPolicy | Use this managed policy to allow CORS requests from any origin, including preflight requests. |
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers. |
static SECURITY_HEADERS | IResponseHeadersPolicy | Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers. |
env
Type: ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type: Node
The tree node.
responseHeadersPolicyId
Type: string
The ID of the response headers policy.
stack
Type: Stack
The stack in which this resource is defined.
static CORS_ALLOW_ALL_ORIGINS
Type: IResponseHeadersPolicy
Use this managed policy to allow simple CORS requests from any origin.
static CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS
Type: IResponseHeadersPolicy
Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
Type: IResponseHeadersPolicy
Use this managed policy to allow CORS requests from any origin, including preflight requests.
static CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS
Type: IResponseHeadersPolicy
Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.
static SECURITY_HEADERS
Type: IResponseHeadersPolicy
Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.
Methods
Name | Description |
---|---|
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
toString() | Returns a string representation of this construct. |
static fromResponseHeadersPolicyId(scope, id, responseHeadersPolicyId) | Import an existing Response Headers Policy from its ID. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy: RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toString()
public toString(): string
Returns
- string
Returns a string representation of this construct.
static fromResponseHeadersPolicyId(scope, id, responseHeadersPolicyId)
public static fromResponseHeadersPolicyId(scope: Construct, id: string, responseHeadersPolicyId: string): IResponseHeadersPolicy
Parameters
- scope: Construct
- id: string
- responseHeadersPolicyId: string
Returns
- IResponseHeadersPolicy
Import an existing Response Headers Policy from its ID.