Strict transport security header on appsync responses
What's the best way to have strict transport security header added to appsync responses?
I have seen recommendations around setting up cloudfront in front of appsync and setting the headers in cloudfront.
Hi,
I do see that there are similar workarounds to the workaround which you have mentioned. However, there is a feature that was just recently released by AppSync which adds support for custom response headers. Please refer to this page for the announcement of the feature.
This adds a new resolver utility $util.http.addResponseHeaders() to configure additional headers in the response for a GraphQL API operation.
The other workarounds will add additional workload/steps so it is recommended to use this utility to add headers in the appsync response.
Relevant questions
Strict transport security header on appsync responses
asked 2 months agoSecure ALB access only from Amazon CloudFront
Accepted Answerasked 2 years agoAdding "Access-Control-Allow-Origin" custom header to AWS Appsync GraphQL Response
asked a month agoProtect AWS Appsync APIs end point from public internet, restrict it to be accessible from Service deployed inside vpc
Accepted Answerasked 5 months agoupdate security custom header
asked 2 months agoAWS AppSync Penetration Test
asked 3 years agoCloudFront: InvalidHeadersForS3OriginException in Edit Behavior
asked a year agoNeptune supports Neo4j GraphQL?
asked 3 days agoCloudfront generated error for POST when everything from the server is fine
asked a year agoWhy does CloudFront still strip brotli from the accept-encoding header?
asked 3 years ago