By using AWS re:Post, you agree to the Terms of Use
/Strict transport security header on appsync responses/

Strict transport security header on appsync responses


What's the best way to have strict transport security header added to appsync responses?

I have seen recommendations around setting up cloudfront in front of appsync and setting the headers in cloudfront.

1 Answers


I do see that there are similar workarounds to the workaround which you have mentioned. However, there is a feature that was just recently released by AppSync which adds support for custom response headers. Please refer to this page for the announcement of the feature.

This adds a new resolver utility $util.http.addResponseHeaders() to configure additional headers in the response for a GraphQL API operation.

The other workarounds will add additional workload/steps so it is recommended to use this utility to add headers in the appsync response.

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions