Skip to content

chore: replace security-header-lambda with native cloudfront responseheaderpolicy #11628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joshbalfour wants to merge 2 commits into
base: master
Choose a base branch
from
Open

chore: replace security-header-lambda with native cloudfront responseheaderpolicy #11628

joshbalfour wants to merge 2 commits into from

Conversation

@joshbalfour
Copy link
Contributor

@joshbalfour joshbalfour commented Oct 2, 2025
edited
Loading

needs testing on dev

unit test fail is due to cognito-custom-mailer coverage so unrelated

@rpt-uk-github
Copy link
Contributor

rpt-uk-github commented Oct 2, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

code/snyk check is complete. No issues have been found. (View Details)

@bashleigh
Copy link
Contributor

bashleigh commented Oct 3, 2025

Feel free to tell me where to go 😅 should we make it consistent, like you have or make it a construct to future proof it. Sorry in advance

plittlewood-rpt
plittlewood-rpt reviewed Oct 6, 2025
View reviewed changes
packages/ts-scripts/src/cdk/components/security-headers.ts
ResponseHeadersPolicy,
} from 'aws-cdk-lib/aws-cloudfront'

const defaultContentSecurityPolicy =
Copy link
Contributor

@plittlewood-rpt plittlewood-rpt Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These differ between dev and prod. Is this catered for here?

Copy link
Contributor Author

@joshbalfour joshbalfour Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it's purposefully not, there shouldn't be any difference in config between prod and dev

plittlewood-rpt
plittlewood-rpt requested changes Oct 6, 2025
View reviewed changes
Copy link
Contributor

@plittlewood-rpt plittlewood-rpt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you let me know about dev/prod difference (see comment) before we merge this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@plittlewood-rpt plittlewood-rpt plittlewood-rpt requested changes

@bashleigh bashleigh bashleigh approved these changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

dependencies security-header-lambda ts-scripts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@joshbalfour @rpt-uk-github @bashleigh @plittlewood-rpt