Lambda function to inject custom headers into CloudFront responses.
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
hsts.js

README.md

This is a goddamned Javascript function to insert static security headers into a Cloudfront response. You can read the full rant on the Last Week in AWS Blog.

Note that this must be deployed to us-east-1 because of course it does; otherwise you can't use Cloudfront as an event source.

You also must set the trigger as "Viewer Response" or it won't do what you think it will.

You have my sympathies.