aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0

Security headers for hosting on Amazon CloudFront and S3 #13102

Open mzarnawski opened 1 year ago

mzarnawski commented 1 year ago

Is this feature request related to a new or existing Amplify category?

hosting

Is this related to another service?

CloudFront

Describe the feature you'd like to request

Whoever wants to deploy a secure, production-grade frontend will sooner or later consider implementing security headers. Luckily, CloudFront offers a predefined policy for returning security headers: Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection with commonly implemented values. These can be combined with CORS settings.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-response-headers-policies.html

Describe the solution you'd like

Add an option to `amplify configure hosting` to add a managed security headers policy to CloudFront

Describe alternatives you've considered

Adding it manually to CloudFront

Additional context

No response

Is this something that you'd be interested in working on?

Would this feature include a breaking change?
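
One way to check a distribution's responses for the five headers named in the request, as an added example that is not part of the original issue or of the Amplify CLI. The accepted values and the HSTS threshold are assumptions chosen for this example, and the sample responses are constructed.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # 180 days; assumed baseline, not from the issue
REFERRER_OK = {"no-referrer", "same-origin", "strict-origin",
               "strict-origin-when-cross-origin"}  # assumed acceptable set

def parse_headers(raw):
    """Parse a raw header block (e.g. `curl -sI` output) into {name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                               # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()          # header names are case-insensitive
            # Repeated headers are joined with ', ' so duplicates stay visible.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers

def hsts_ok(value):
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= MIN_HSTS_MAX_AGE

CHECKS = {  # the five headers listed in the feature request
    # A comma-separated Referrer-Policy is a fallback list; the last entry wins.
    "referrer-policy": lambda v: v.split(",")[-1].strip().lower() in REFERRER_OK,
    "strict-transport-security": hsts_ok,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in {"DENY", "SAMEORIGIN"},
    "x-xss-protection": lambda v: v.replace(" ", "").lower() in {"0", "1;mode=block"},
}

def audit(raw):
    """Return {header: 'ok' | 'missing' | 'weak: <value>'}."""
    headers, report = parse_headers(raw), {}
    for name, check in CHECKS.items():
        value = headers.get(name)
        report[name] = ("missing" if value is None
                        else "ok" if check(value) else f"weak: {value}")
    return report

# Constructed sample responses (not captured from a real distribution).
BARE = "HTTP/2 200\ncontent-type: text/html\nx-cache: Hit from cloudfront"
HARDENED = BARE + """
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block"""
if __name__ == "__main__":
    print(audit(BARE), audit(HARDENED), sep="\n")
```
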

ykethan commented 1 year ago

Hey @mzarnawski, thank you for taking the time to file this feature request. Marking this as a feature request for further consideration.