Skip to content

Instantly share code, notes, and snippets.

@KyMidd

KyMidd/lambdaAtEdge-Lambda.js Secret

Created August 29, 2022 18:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save KyMidd/56e21d3e410309d13b325eaaf0be918e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save KyMidd/56e21d3e410309d13b325eaaf0be918e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
lambdaAtEdge-Lambda.js
'use strict';
exports.handler = (event, context, callback) => {
//Get contents of response
const response = event.Records[0].cf.response;
const headers = response.headers;
//Set new headers
headers['strict-transport-security'] = [{key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload'}];
headers['content-security-policy'] = [{key: 'Content-Security-Policy', value: "default-src 'self' *.domain1.com *.domain2.com; font-src 'self' fonts.gstatic.com; frame-src *.domain1.com *.domain2.net; img-src 'self' data: *.domain1.com *.domain2.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.domain1.com *.domain2.com; style-src 'self' 'unsafe-inline' *.domain1.com *.domain2.com;"}];
headers['x-content-type-options'] = [{key: 'X-Content-Type-Options', value: 'nosniff'}];
headers['x-frame-options'] = [{key: 'X-Frame-Options', value: 'DENY'}];
headers['x-xss-protection'] = [{key: 'X-XSS-Protection', value: '1; mode=block'}];
headers['referrer-policy'] = [{key: 'Referrer-Policy', value: 'same-origin'}];
headers['Cache-Control'] = [{key: 'Cache-Control', value: 'max-age=31536000'}]
//Return modified response
callback(null, response);
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment