Skip to content

Instantly share code, notes, and snippets.

@philfreo
Created February 3, 2020 21:08
Show Gist options
  • Save philfreo/3497afb69c3fe737c523fe347d8a4309 to your computer and use it in GitHub Desktop.
Save philfreo/3497afb69c3fe737c523fe347d8a4309 to your computer and use it in GitHub Desktop.
Lambda@Edge function for setting HSTS header for Cloudfront+S3 sites

Set this up as an "Origin Response" Cloudfront Trigger.

exports.handler = async(event, context) => {
const response = event.Records[0].cf.response;
const headers = response.headers;
// If you can, include "includeSubdomains" and "preload"
// headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubdomains; preload' }];
// Otherwise...
headers['strict-transport-security'] = [{ key: 'Strict-Transport-Security', value: 'max-age=63072000' }];
return response;
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment