Skip to content

Commit 7b4c0de

Browse files
committed
chore: update custom header response
1 parent 644706b commit 7b4c0de

1 file changed

Lines changed: 6 additions & 60 deletions

File tree

shared/infra/aws/lib/network.ts

Lines changed: 6 additions & 60 deletions
Original file line numberDiff line numberDiff line change
@@ -165,13 +165,13 @@ export class Network extends Construct {
165165
});
166166
webFrontendBucket.grantRead(originIdentity);
167167

168-
const corsWithTracingHeadersPolicy = new ResponseHeadersPolicy(
168+
const documentPolicyHeader = new ResponseHeadersPolicy(
169169
this,
170-
"CorsWithTracingHeadersPolicy",
170+
"DocumentPolicyHeader",
171171
{
172-
responseHeadersPolicyName: `Stickerlandia-CORS-Tracing-${props.env}`,
172+
responseHeadersPolicyName: `Stickerlandia-Document-Policy-${props.env}`,
173173
comment:
174-
"CORS policy with W3C Trace Context and Datadog headers for RUM-APM correlation",
174+
"Add custom header to enable Datadog RUM browser profiling",
175175
// Enable browser profiling for Datadog RUM
176176
// See: https://docs.datadoghq.com/real_user_monitoring/correlate_with_other_telemetry/profiling/browser_profiling/
177177
customHeadersBehavior: {
@@ -182,61 +182,7 @@ export class Network extends Construct {
182182
override: true,
183183
},
184184
],
185-
},
186-
corsBehavior: {
187-
accessControlAllowCredentials: true,
188-
accessControlAllowHeaders: [
189-
"Content-Type",
190-
"Authorization",
191-
"Accept",
192-
// W3C Trace Context headers for distributed tracing
193-
"traceparent",
194-
"tracestate",
195-
// Datadog-specific headers for RUM-APM correlation
196-
"x-datadog-trace-id",
197-
"x-datadog-parent-id",
198-
"x-datadog-origin",
199-
"x-datadog-sampling-priority",
200-
],
201-
accessControlAllowMethods: [
202-
"GET",
203-
"POST",
204-
"PUT",
205-
"DELETE",
206-
"PATCH",
207-
"OPTIONS",
208-
],
209-
accessControlAllowOrigins: [
210-
`*`, // Allow all origins for development
211-
],
212-
accessControlExposeHeaders: [
213-
// Allow browser to read trace headers from responses
214-
"traceparent",
215-
"tracestate",
216-
"x-datadog-trace-id",
217-
"x-datadog-parent-id",
218-
],
219-
accessControlMaxAge: Duration.hours(1),
220-
originOverride: true,
221-
},
222-
securityHeadersBehavior: {
223-
contentTypeOptions: { override: true },
224-
frameOptions: {
225-
frameOption: HeadersFrameOption.SAMEORIGIN,
226-
override: true,
227-
},
228-
referrerPolicy: {
229-
referrerPolicy:
230-
HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
231-
override: true,
232-
},
233-
strictTransportSecurity: {
234-
accessControlMaxAge: Duration.days(365),
235-
includeSubdomains: true,
236-
override: true,
237-
},
238-
xssProtection: { protection: true, modeBlock: true, override: true },
239-
},
185+
}
240186
},
241187
);
242188

@@ -266,7 +212,7 @@ export class Network extends Construct {
266212
origin: S3BucketOrigin.withOriginAccessIdentity(webFrontendBucket, {
267213
originAccessIdentity: originIdentity,
268214
}),
269-
responseHeadersPolicy: corsWithTracingHeadersPolicy,
215+
responseHeadersPolicy: documentPolicyHeader,
270216
},
271217
});
272218

0 commit comments

Comments
 (0)