Strict transport security header on appsync responses

What's the best way to have strict transport security header added to appsync responses?

I have seen recommendations around setting up cloudfront in front of appsync and setting the headers in cloudfront.

주제

서버리스 프론트엔드 웹 및 모바일 애플리케이션 통합 AWS Well-Architected 프레임워크

태그

AWS AppSync 보안

언어

English

bbigs

질문됨 2년 전766회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

Hi,

I do see that there are similar workarounds to the workaround which you have mentioned. However, there is a feature that was just recently released by AppSync which adds support for custom response headers. Please refer to this page for the announcement of the feature.

This adds a new resolver utility $util.http.addResponseHeaders() to configure additional headers in the response for a GraphQL API operation.

The other workarounds will add additional workload/steps so it is recommended to use this utility to add headers in the appsync response.

지원 엔지니어

Ryan_A

답변함 2년 전

Strict transport security header on appsync responses

관련 콘텐츠