Closed derekperkins closed 8 years ago
How would you like to express the headers in the config file?
I think it could be almost identical to the max age setup, just with one extra nested array.
max_age:
  "*.html":
    X-XSS-Protection: 1
  "assets/*":
    X-Frame-Options: DENY
  "*":
    X-Frame-Options: SAMEORIGIN
@derekperkins it seems that AWS S3 websites do not emit the user-defined metadata of S3 objects. I verified this by adding the user-defined metadata x-amz-meta-test: foo on my S3 website object, but I did not get it back from the website HTTP response.
Also, I could not find any documentation on defining custom HTTP headers for S3 website objects.
Any thoughts on the above?
> AWS S3 websites do not emit the user-defined metadata of S3 objects
I think you have to configure CloudFront separately to allow those headers through. That's mostly irrelevant though because they don't support the actual security headers I'm looking for. If someone really cared, I think you could make it work with the x-amz-meta- prefix, but unless someone else is asking for that support, I don't think it's worth your time.
https://forums.aws.amazon.com/thread.jspa?threadID=149569
https://forums.aws.amazon.com/thread.jspa?threadID=105695
I'd like to add some custom headers. My current question revolves around some security headers listed below, but it would also be very nice to be able to set arbitrary headers somehow.
X-Frame-Options
Content-Security-Policy
X-XSS-Protection