COEP and COOP response headers with S3+ Cloudfront

Question

I have a S3 + Cloudfront website. I would like to add "Cross-Origin-Embedder-Policy: require-corp: and "Cross-Origin-Opener-Policy: same-origin" . I tried setting them under Cloudfront->policies->Response headers. But it doesn't seem to be working. Where can I add these headers? In S3 or Cloudfront or both locations?

Parthasaradi Challa · Accepted Answer

Hi Mlasram,

Please try this solution it will be helpful for you.

To add the Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers to your S3 + CloudFront website, create a response headers policy in the CloudFront console. Navigate to Policies, create a new response headers policy, and add the headers Cross-Origin-Embedder-Policy: require-corp and Cross-Origin-Opener-Policy: same-origin. Save the policy, then attach it to your CloudFront distribution by editing the desired behavior and selecting the new policy under Response headers policy. If the changes don't appear immediately, invalidate the CloudFront cache. This setup ensures the headers are consistently applied to all responses served by CloudFront.

Please look at AWS Document Link you will get more information.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html

rePost-User-8415944 · Answer

Thanks! I had neglected to do this part -  "then attach it to your CloudFront distribution by editing the desired behavior and selecting the new policy under Response headers policy"

COEP and COOP response headers with S3+ Cloudfront

Add your answer

Relevant content