ResponseHeadersPolicy
cloudfront.services.k8s.aws/v1alpha1
| Type | Link |
|---|---|
| GoDoc | cloudfront-controller/apis/v1alpha1#ResponseHeadersPolicy |
Metadata
| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | ResponseHeadersPolicy |
| ListKind | ResponseHeadersPolicyList |
| Plural | responseheaderspolicies |
| Singular | responseheaderspolicy |
A response headers policy.
A response headers policy contains information about a set of HTTP response headers.
After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it’s attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy.
For more information, see Adding or removing HTTP headers in CloudFront responses (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) in the Amazon CloudFront Developer Guide.
Spec
responseHeadersPolicyConfig:
comment: string
corsConfig:
accessControlAllowCredentials: boolean
accessControlAllowHeaders:
items:
- string
accessControlAllowMethods:
items:
- string
accessControlAllowOrigins:
items:
- string
accessControlExposeHeaders:
items:
- string
accessControlMaxAgeSec: integer
originOverride: boolean
customHeadersConfig:
items:
- header: string
override: boolean
value: string
name: string
removeHeadersConfig:
items:
- header: string
securityHeadersConfig:
contentSecurityPolicy:
contentSecurityPolicy: string
override: boolean
contentTypeOptions:
override: boolean
frameOptions:
frameOption: string
override: boolean
referrerPolicy:
override: boolean
referrerPolicy: string
strictTransportSecurity:
accessControlMaxAgeSec: integer
includeSubdomains: boolean
override: boolean
preload: boolean
xSSProtection:
modeBlock: boolean
override: boolean
protection: boolean
reportURI: string
serverTimingHeadersConfig:
enabled: boolean
samplingRate: number
| Field | Description |
|---|---|
| responseHeadersPolicyConfig Required | object Contains metadata about the response headers policy, and a set of configurations that specify the HTTP headers. |
| responseHeadersPolicyConfig.comment Optional | string |
| responseHeadersPolicyConfig.corsConfig Optional | object A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy. For more information about CORS, see Cross-Origin Resource Sharing (CORS) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs. |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowCredentials Optional | boolean |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowHeaders Optional | object A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. For more information about the Access-Control-Allow-Headers HTTP response header, see Access-Control-Allow-Headers (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs. |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowHeaders.items Optional | array |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowHeaders.items.[] Required | string |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowMethods.items Optional | array |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowMethods.items.[] Required | string |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowOrigins.items Optional | array |
| responseHeadersPolicyConfig.corsConfig.accessControlAllowOrigins.items.[] Required | string |
| responseHeadersPolicyConfig.corsConfig.accessControlExposeHeaders.items Optional | array |
| responseHeadersPolicyConfig.corsConfig.accessControlExposeHeaders.items.[] Required | string |
| responseHeadersPolicyConfig.corsConfig.originOverride Optional | boolean |
| responseHeadersPolicyConfig.customHeadersConfig Optional | object A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that’s associated with this response headers policy. |
| responseHeadersPolicyConfig.customHeadersConfig.items Optional | array |
| responseHeadersPolicyConfig.customHeadersConfig.items.[] Required | object An HTTP response header name and its value. CloudFront includes this header |
| in HTTP responses that it sends for requests that match a cache behavior | |
| that’s associated with this response headers policy. | |
| responseHeadersPolicyConfig.customHeadersConfig.items.[].override Optional | boolean |
| responseHeadersPolicyConfig.customHeadersConfig.items.[].value Optional | string |
| responseHeadersPolicyConfig.name Optional | string |
| responseHeadersPolicyConfig.removeHeadersConfig Optional | object A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. |
| responseHeadersPolicyConfig.removeHeadersConfig.items Optional | array |
| responseHeadersPolicyConfig.removeHeadersConfig.items.[] Required | object The name of an HTTP header that CloudFront removes from HTTP responses to |
| requests that match the cache behavior that this response headers policy | |
| is attached to. | |
| responseHeadersPolicyConfig.securityHeadersConfig Optional | object A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy. |
| responseHeadersPolicyConfig.securityHeadersConfig.contentSecurityPolicy Optional | object The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.contentSecurityPolicy.contentSecurityPolicy Optional | string |
| responseHeadersPolicyConfig.securityHeadersConfig.contentSecurityPolicy.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.contentTypeOptions Optional | object Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.contentTypeOptions.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.frameOptions Optional | object Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. For more information about the X-Frame-Options HTTP response header, see X-Frame-Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.frameOptions.frameOption Optional | string |
| responseHeadersPolicyConfig.securityHeadersConfig.frameOptions.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.referrerPolicy Optional | object Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. For more information about the Referrer-Policy HTTP response header, see Referrer-Policy (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.referrerPolicy.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.referrerPolicy.referrerPolicy Optional | string |
| responseHeadersPolicyConfig.securityHeadersConfig.strictTransportSecurity Optional | object Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.strictTransportSecurity.accessControlMaxAgeSec Optional | integer |
| responseHeadersPolicyConfig.securityHeadersConfig.strictTransportSecurity.includeSubdomains Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.strictTransportSecurity.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.strictTransportSecurity.preload Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.xSSProtection Optional | object Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs. |
| responseHeadersPolicyConfig.securityHeadersConfig.xSSProtection.modeBlock Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.xSSProtection.override Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.xSSProtection.protection Optional | boolean |
| responseHeadersPolicyConfig.securityHeadersConfig.xSSProtection.reportURI Optional | string |
| responseHeadersPolicyConfig.serverTimingHeadersConfig Optional | object A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. CloudFront adds this header to HTTP responses that it sends in response to requests that match a cache behavior that’s associated with this response headers policy. You can use the Server-Timing header to view metrics that can help you gain insights about the behavior and performance of CloudFront. For example, you can see which cache layer served a cache hit, or the first byte latency from the origin when there was a cache miss. You can use the metrics in the Server-Timing header to troubleshoot issues or test the efficiency of your CloudFront configuration. For more information, see Server-Timing header (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-response-headers-policies.html#server-timing-header) in the Amazon CloudFront Developer Guide. |
| responseHeadersPolicyConfig.serverTimingHeadersConfig.enabled Optional | boolean |
| responseHeadersPolicyConfig.serverTimingHeadersConfig.samplingRate Optional | number |
Status
ackResourceMetadata:
arn: string
ownerAccountID: string
region: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
eTag: string
id: string
lastModifiedTime: string
| Field | Description |
|---|---|
| ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata memberthat is used to contain resource sync state, account ownership, constructed ARN for the resource |
| ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
| conditions Optional | array All CRS managed by ACK have a common Status.Conditions member thatcontains a collection of ackv1alpha1.Condition objects that describethe various terminal states of the CR and its backend AWS service API resource |
| conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service |
| controllers to indicate terminal states of the CR and its backend AWS | |
| service API resource | |
| conditions.[].message Optional | string A human readable message indicating details about the transition. |
| conditions.[].reason Optional | string The reason for the condition’s last transition. |
| conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
| conditions.[].type Optional | string Type is the type of the Condition |
| eTag Optional | string |
| id Optional | string The identifier for the response headers policy. |
| lastModifiedTime Optional | string The date and time when the response headers policy was last modified. |