Simplify `server-side-website` with the new `AllViewerExceptHostHeader` policy

[mnapoli]

CloudFront added a new AllViewerExceptHostHeader policy: https://twitter.com/cristiangraz/status/1628585607479050240

This is exactly what we needed!

We can get rid of:

• our custom "origin policy" (it was needed to avoid forwarding the Host header)
• our custom "cache policy" (it was needed to forward the Authorization header)

We gain:

• less code for us
• less config for users 🎉
• less resources to deploy, meaning faster deployments 🎉
• users don't have to choose or configure the headers they want to forward 🎉
• users are no longer limited by the limit of 10 forwarded headers 🎉

If you were setting the forwardedHeader config in serverless.yml to add more headers to forward, you can now safely remove this option:

constructs:
    website:
        # ...

        # REMOVE THIS 👇
        forwardedHeaders:
            - Accept
            - Accept-Language
            # ...
            - X-Custom-Header

We also finally solve 100% properly #144

Fixes #144 Fixes #229 Fixes #291 and so many more in bref.sh 🎉

[kevincerro]

Great news 🚀

[buddhaCode]

Does this also solve the issue, that u have to name/list all custom headers like X-Livewire and custom headers for CSRF token in Laravel?

Edit: Okay. Saw #306. Thats absolutely great news!

[mnapoli]

@buddhaCode yeeeessss!

[esimonetti]

:heart: thank you!!!!