claudijd · July 22, 2019 14:15
diff --git a/index.js b/index.js
 'use strict';

 exports.handler = (event, context, callback) => {
    const response = event.Records[0].cf.response;
    const headers = response.headers;
    
    // See https://wiki.mozilla.org/Security/Guidelines/Web_Security
    headers['Strict-Transport-Security'] = [{'key': 'Strict-Transport-Security', 'value': 'max-age=63072000'}];
    headers['X-Content-Type-Options'] = [{'key': 'X-Content-Type-Options', 'value': 'nosniff'}];
    headers['X-Frame-Options'] = [{'key': 'X-Frame-Options', 'value': 'DENY'}];
    headers['X-XSS-Protection'] = [{'key': 'X-XSS-Protection', 'value': '1; mode=block'}];
    headers['Content-Security-Policy'] = [{'key': 'Content-Security-Policy', 'value': "default-src 'none'; script-src 'self'; img-src 'self'; font-src 'self'; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'self'"}];
    callback(null, response);
 };
	'use strict';

	exports.handler = (event, context, callback) => {
	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// See https://wiki.mozilla.org/Security/Guidelines/Web_Security
	headers['Strict-Transport-Security'] = [{'key': 'Strict-Transport-Security', 'value': 'max-age=63072000'}];
	headers['X-Content-Type-Options'] = [{'key': 'X-Content-Type-Options', 'value': 'nosniff'}];
	headers['X-Frame-Options'] = [{'key': 'X-Frame-Options', 'value': 'DENY'}];
	headers['X-XSS-Protection'] = [{'key': 'X-XSS-Protection', 'value': '1; mode=block'}];
	headers['Content-Security-Policy'] = [{'key': 'Content-Security-Policy', 'value': "default-src 'none'; script-src 'self'; img-src 'self'; font-src 'self'; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'self'"}];
	callback(null, response);
	};