Add information about response headers policies

thomasturrell · web-flow · commit a88e9087e534 · 2021-11-07T15:53:29.000+01:00
diff --git a/add-security-headers/README.md b/add-security-headers/README.md
@@ -1,5 +1,7 @@
 ## Add HTTP security headers
 
+> :warning: Consider using [CloudFront Response Headers Policies](https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-response-headers-policies/) instead of CloudFront Functions to configure CORS, security, and custom HTTP response headers.
+
 **CloudFront Functions event type: viewer response**
 
 This function adds several common HTTP security headers to the response from CloudFront. The following headers are added as part of this function:
@@ -42,4 +44,4 @@ If the function has been set up correctly, you should see a result similar to th
         "FunctionOutput": "{\"response\":{\"headers\":{\"server\":{\"value\":\"CustomOriginServer\"},\"content-length\":{\"value\":\"9593\"},\"content-security-policy\":{\"value\":\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"},\"x-content-type-options\":{\"value\":\"nosniff\"},\"x-xss-protection\":{\"value\":\"1; mode=block\"},\"x-frame-options\":{\"value\":\"DENY\"},\"content-type\":{\"value\":\"text/html; charset=UTF-8\"},\"strict-transport-security\":{\"value\":\"max-age=63072000; includeSubdomains; preload\"}},\"statusDescription\":\"OK\",\"cookies\":{\"loggedIn\":{\"attributes\":\"Secure; Path=/; Domain=example.com; Expires=Wed, 05 Jan 2024 07:28:00 GMT\",\"value\":\"true\"},\"id\":{\"attributes\":\"Expires=Wed, 05 Jan 2024 07:28:00 GMT\",\"value\":\"a3fWa\"}},\"statusCode\":200}}"
     }
 }
-```
+```

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`## Add HTTP security headers`
`2`	`2`
	`3`	`+> :warning: Consider using [CloudFront Response Headers Policies](https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-cloudfront-introduces-response-headers-policies/) instead of CloudFront Functions to configure CORS, security, and custom HTTP response headers.`
	`4`	`+`
`3`	`5`	`CloudFront Functions event type: viewer response`
`4`	`6`
`5`	`7`	`This function adds several common HTTP security headers to the response from CloudFront. The following headers are added as part of this function:`
`@@ -42,4 +44,4 @@ If the function has been set up correctly, you should see a result similar to th`
`42`	`44`	"FunctionOutput": "{\"response\":{\"headers\":{\"server\":{\"value\":\"CustomOriginServer\"},\"content-length\":{\"value\":\"9593\"},\"content-security-policy\":{\"value\":\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"},\"x-content-type-options\":{\"value\":\"nosniff\"},\"x-xss-protection\":{\"value\":\"1; mode=block\"},\"x-frame-options\":{\"value\":\"DENY\"},\"content-type\":{\"value\":\"text/html; charset=UTF-8\"},\"strict-transport-security\":{\"value\":\"max-age=63072000; includeSubdomains; preload\"}},\"statusDescription\":\"OK\",\"cookies\":{\"loggedIn\":{\"attributes\":\"Secure; Path=/; Domain=example.com; Expires=Wed, 05 Jan 2024 07:28:00 GMT\",\"value\":\"true\"},\"id\":{\"attributes\":\"Expires=Wed, 05 Jan 2024 07:28:00 GMT\",\"value\":\"a3fWa\"}},\"statusCode\":200}}"
`43`	`45`	`}`
`44`	`46`	`}`
`45`		-```
	`47`	+```