[DEV-3592] Set cdn custom header Server

apps/infrastructure/src/env/dev/terraform.tfvars

@@ -15,6 +15,10 @@ cdn_custom_headers = [
     header   = "X-Robots-Tag"
     override = true
     value    = "noindex"
+    }, {
+    header   = "Server"
+    override = true
+    value    = "None"
   }
 ]
 

apps/infrastructure/src/env/prod/terraform.tfvars

@@ -10,7 +10,13 @@ tags = {
   CostCenter  = "BD110 - PORTALS and TOOLS"
 }
 
-cdn_custom_headers = []
+cdn_custom_headers = [
+  {
+    header   = "Server"
+    override = true
+    value    = "None"
+  }
+]
 
 dns_domain_name = "developer.pagopa.it"
 

apps/infrastructure/src/env/uat/terraform.tfvars

@@ -15,6 +15,11 @@ cdn_custom_headers = [
     header   = "X-Robots-Tag"
     override = true
     value    = "noindex"
+  },
+  {
+    header   = "Server"
+    override = true
+    value    = "None"
   }
 ]
 

apps/infrastructure/src/modules/cms/cloudfront.tf

@@ -1,3 +1,16 @@
+resource "aws_cloudfront_response_headers_policy" "cms_media_library" {
+  name    = "cms-media-library-response-headers-policy"
+  comment = "Response headers policy for CMS media library distribution"
+
+  custom_headers_config {
+    items {
+      header   = "Server"
+      override = true
+      value    = "None"
+    }
+  }
+}
+
 ## CDN to Media Library for CMS Strapi
 module "cloudfront_cms" {
   source = "git::https://github.com/terraform-aws-modules/terraform-aws-cloudfront.git?ref=ed0f1f983f606304e00ad9f48399bd2fe0b79233" # v3.2.2
@@ -30,13 +43,14 @@ module "cloudfront_cms" {
   aliases = module.strapi_media_library_ssl_certificate.distinct_domain_names
 
   default_cache_behavior = {
-    allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
-    cached_methods         = ["GET", "HEAD", "OPTIONS"]
-    target_origin_id       = "s3_one"
-    viewer_protocol_policy = "redirect-to-https"
-    min_ttl                = 0     # min time for objects to live in the distribution cache
-    default_ttl            = 3600  # default time for objects to live in the distribution cache
-    max_ttl                = 86400 # max time for objects to live in the distribution cache
+    allowed_methods            = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods             = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id           = "s3_one"
+    viewer_protocol_policy     = "redirect-to-https"
+    min_ttl                    = 0     # min time for objects to live in the distribution cache
+    default_ttl                = 3600  # default time for objects to live in the distribution cache
+    max_ttl                    = 86400 # max time for objects to live in the distribution cache
+    response_headers_policy_id = aws_cloudfront_response_headers_policy.cms_media_library.id
 
     forwarded_values = {
       query_string = false

apps/infrastructure/src/modules/docs_redirect/cloudfront.tf

@@ -8,6 +8,19 @@ resource "aws_cloudfront_function" "redirect_viewer_request_handler" {
   code    = var.cloudfront_function_code
 }
 
+resource "aws_cloudfront_response_headers_policy" "redirect" {
+  name    = "redirect-response-headers-policy"
+  comment = "Response headers policy for redirect distribution"
+
+  custom_headers_config {
+    items {
+      header   = "Server"
+      override = true
+      value    = "None"
+    }
+  }
+}
+
 resource "aws_cloudfront_distribution" "redirect" {
 
   origin {
@@ -34,8 +47,9 @@ resource "aws_cloudfront_distribution" "redirect" {
     cached_methods   = ["GET", "HEAD"]
     target_origin_id = "hosting.gitbook.io"
 
-    cache_policy_id          = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" # Managed-CachingDisabled
-    origin_request_policy_id = "216adef6-5c7f-47e4-b989-5492eafa07d3" # Managed-AllViewer
+    cache_policy_id            = "4135ea2d-6df8-44a3-9df3-4b5a84be39ad" # Managed-CachingDisabled
+    origin_request_policy_id   = "216adef6-5c7f-47e4-b989-5492eafa07d3" # Managed-AllViewer
+    response_headers_policy_id = aws_cloudfront_response_headers_policy.redirect.id
 
     viewer_protocol_policy = "redirect-to-https"
     min_ttl                = 0 # min time for objects to live in the distribution cache

apps/infrastructure/src/modules/video_streaming/main.tf

@@ -454,6 +454,14 @@ resource "aws_cloudfront_response_headers_policy" "cors_policy" {
   name    = "cors-policy-video-streaming"
   comment = "Cors policy for video streaming."
 
+  custom_headers_config {
+    items {
+      header   = "Server"
+      override = true
+      value    = "None"
+    }
+  }
+
   cors_config {
     access_control_allow_credentials = false
 

apps/infrastructure/src/modules/website/cloudfront.tf

@@ -18,16 +18,19 @@ resource "aws_cloudfront_response_headers_policy" "websites" {
   name    = "websites"
   comment = "Response custom headers for public static website"
 
-  dynamic "custom_headers_config" {
-    for_each = length(var.cdn_custom_headers) > 0 ? ["dummy"] : []
-    content {
-      dynamic "items" {
-        for_each = var.cdn_custom_headers
-        content {
-          header   = items.value.header
-          override = items.value.override
-          value    = items.value.value
-        }
+  custom_headers_config {
+    items {
+      header   = "Server"
+      override = true
+      value    = "None"
+    }
+
+    dynamic "items" {
+      for_each = var.cdn_custom_headers
+      content {
+        header   = items.value.header
+        override = items.value.override
+        value    = items.value.value
       }
     }
   }
@@ -56,6 +59,14 @@ resource "aws_cloudfront_response_headers_policy" "static_content_cors" {
   name    = "cors-policy"
   comment = "Cors policy for static contents"
 
+  custom_headers_config {
+    items {
+      header   = "Server"
+      override = true
+      value    = "None"
+    }
+  }
+
   cors_config {
     access_control_allow_credentials = false