Set this up as an "Origin Response" Cloudfront Trigger.
Lambda@Edge function for setting HSTS header for Cloudfront+S3 sites
exports.handler = async(event, context) => { | |
const response = event.Records[0].cf.response; | |
const headers = response.headers; | |
// If you can, include "includeSubdomains" and "preload" | |
// headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload' }]; | |
// Otherwise... | |
headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000' }]; | |
return response; | |
}; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment