Skip to content

Set security headers on CloudFront responses #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
8 commits merged into from
Jun 22, 2020
Merged

Set security headers on CloudFront responses #414

8 commits merged into from
Jun 22, 2020

Conversation

@ghost
Copy link

@ghost ghost commented Jun 11, 2020
edited by ghost
Loading

Issue #, if available:

Description of changes:

  • Create edge lambda to set security-related headers on the CloudFront distro
  • Two other unrelated fixes:
    • Fix a type error when leaving the APIs page
    • Bust cache so the API properly loads in the APIs page after immediately enabling it in the admin panel

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ghost ghost changed the title Set security headers on CFN responses Set security headers on CloudFront responses Jun 11, 2020
@ghost ghost force-pushed the set-security-headers branch 2 times, most recently from 96b5bc1 to 1d75724 Compare June 19, 2020 20:26
amazon-meaisiah added 8 commits June 19, 2020 19:48
Set security headers on CFN responses
f6d89d2
Create replicator
33ca9ef
Fix lambda
3a5ea88
Fix a logging error in a missed route
12c388e
Add a variable so people can reset the edge lambda
8d861ea 
This could be necessary in the future, so I want to lay the groundwork
now. Also, it's a potentially common need in development.
Fix type error
73ee9ec 
Swagger UI doesn't offer any facilities to clean up after itself, so we
have to tolerate it.
Bust cache when loading current API
6107223 
When starting from scratch, if you go to the admin panel, set the first
API to display, and switch back to the APIs page, it's now out of date
with what's server-side.
Run npm install in lambdas/cloudfront-security
2191174
@ghost ghost force-pushed the set-security-headers branch from 1d75724 to 2191174 Compare June 22, 2020 18:23
@ghost ghost marked this pull request as ready for review June 22, 2020 18:33
@ghost
Copy link
Author

ghost commented Jun 22, 2020

Review link ignoring last commit: https://github.com/awslabs/aws-api-gateway-developer-portal/pull/414/files/6107223f8b701a81c16b5ef5d39f6f22525564fe

@ghost ghost merged commit a1f1642 into staging Jun 22, 2020
@ghost ghost deleted the set-security-headers branch June 22, 2020 20:40
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@a-tan a-tan Awaiting requested review from a-tan

@etsung-aws etsung-aws Awaiting requested review from etsung-aws

@jiyou95 jiyou95 Awaiting requested review from jiyou95

@MynockSpit MynockSpit Awaiting requested review from MynockSpit

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@skylarbemus @zil-aws