Strict transport security header on appsync responses
What's the best way to have strict transport security header added to appsync responses?
I have seen recommendations around setting up cloudfront in front of appsync and setting the headers in cloudfront.
I do see that there are similar workarounds to the workaround which you have mentioned. However, there is a feature that was just recently released by AppSync which adds support for custom response headers. Please refer to this page for the announcement of the feature.
This adds a new resolver utility $util.http.addResponseHeaders() to configure additional headers in the response for a GraphQL API operation.
The other workarounds will add additional workload/steps so it is recommended to use this utility to add headers in the appsync response.
Strict transport security header on appsync responsesasked 2 months ago
Secure ALB access only from Amazon CloudFrontAccepted Answerasked 2 years ago
Adding "Access-Control-Allow-Origin" custom header to AWS Appsync GraphQL Responseasked a month ago
Protect AWS Appsync APIs end point from public internet, restrict it to be accessible from Service deployed inside vpcAccepted Answerasked 5 months ago
update security custom headerasked 2 months ago
AWS AppSync Penetration Testasked 3 years ago
CloudFront: InvalidHeadersForS3OriginException in Edit Behaviorasked a year ago
Neptune supports Neo4j GraphQL?asked 3 days ago
Cloudfront generated error for POST when everything from the server is fineasked a year ago
Why does CloudFront still strip brotli from the accept-encoding header?asked 3 years ago