jonathanhle · August 28, 2018 23:01
diff --git a/gistfile1.txt b/gistfile1.txt
 // https://blog.crashtest-security.com/lambda-edge-to-configure-http-security-headers-for-cloudfront-34a44775061d

 'use strict';

 exports.handler = (event, context, callback) => {

    const response = event.Records[0].cf.response;
    const headers = response.headers;

    // Add security headers
    const securityHeaders = [
        [{
            'value': 'max-age=31536000',
            'key': 'Strict-Transport-Security'
        }],
        [{
            'value': 'deny',
            'key': 'X-Frame-Options'
        }],
        [{
            'value': '1; mode=block',
            'key': 'X-XSS-Protection'
        }],
        [{
            'value': 'nosniff',
            'key': 'X-Content-Type-Options'
        }],
        [{
            'value': 'strict-origin-when-cross-origin',
            'key': 'Referrer-Policy'
        }]
    ];

    // Add all headers of the array to the response object in the correct format
    for(let header of securityHeaders) {
       headers[header[0].key.toLowerCase()] = header;
    }

    callback(null, response);
 };
	// https://blog.crashtest-security.com/lambda-edge-to-configure-http-security-headers-for-cloudfront-34a44775061d

	'use strict';

	exports.handler = (event, context, callback) => {

	const response = event.Records[0].cf.response;
	const headers = response.headers;

	// Add security headers
	const securityHeaders = [
	[{
	'value': 'max-age=31536000',
	'key': 'Strict-Transport-Security'
	}],
	[{
	'value': 'deny',
	'key': 'X-Frame-Options'
	}],
	[{
	'value': '1; mode=block',
	'key': 'X-XSS-Protection'
	}],
	[{
	'value': 'nosniff',
	'key': 'X-Content-Type-Options'
	}],
	[{
	'value': 'strict-origin-when-cross-origin',
	'key': 'Referrer-Policy'
	}]
	];

	// Add all headers of the array to the response object in the correct format
	for(let header of securityHeaders) {
	headers[header[0].key.toLowerCase()] = header;
	}

	callback(null, response);
	};