Feature Request - Custom HTTP Response Headers

Open denniscmpe opened this issue 3 years ago • 4 comments

Can we have the ability to set a custom HTTP response header from AppSync? I have a requirement to set a custom HTTP header based on the user query. I see that AppSync provides access to the request headers here: https://docs.aws.amazon.com/appsync/latest/devguide/resolver-context-reference.html

However, there is no access to the response headers from the resolvers. I haven't figured out a good way to set a custom HTTP response header from AppSync within AWS yet. Currently, I am looking at intercepting the request / response through CloudFront/Lambda@Edge to be able to do this, which adds additional latency to our process.

denniscmpe avatar Jul 23 '20 19:07 denniscmpe

https://aws.amazon.com/about-aws/whats-new/2022/02/aws-appsync-support-custom-response-headers/

billfine avatar Feb 23 '22 21:02 billfine

@denniscmpe can you confirm that the feature launched yesterday supports your use case?

billfine avatar Feb 23 '22 21:02 billfine

Yes – it looks like it can. Thanks for looking into this.

Dennis

denniscmpe avatar Feb 28 '22 22:02 denniscmpe

Sorry to post here after so long; I still don't understand what the responseTemplate should look like.

Ours is currently just:

$util.toJson($ctx.result)

I'd like to add standard security headers such as:

$util.http.addResponseHeader("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload")
$util.http.addResponseHeader("Content-Security-Policy", "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'")
$util.http.addResponseHeader("X-Content-Type-Options", "nosniff")
$util.http.addResponseHeader("X-Frame-Options", "DENY")
$util.http.addResponseHeader("X-XSS-Protection", "1; mode=block")
$util.http.addResponseHeader("Referrer-Policy", "same-origin")

What would it look like all together?

aterreno avatar Apr 05 '22 13:04 aterreno
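
One way to combine the pieces from the comment above into a single response mapping template, as an added example that is not part of the original thread or AWS's own code. It collects the headers in a map, passes them to `$util.http.addResponseHeaders` (the map-taking companion of the `addResponseHeader` call quoted above), and then emits the result as before; the `$securityHeaders` variable name is an assumption made for this example.

```velocity
## Added example: response mapping template that sets the security headers
## listed in the comment above, then returns the resolver result unchanged.
## $securityHeaders is a name chosen for this example.
#set($securityHeaders = {})

## $util.qr(...) runs the put() call and suppresses its return value,
## so nothing from these lines leaks into the template output.
$util.qr($securityHeaders.put("Strict-Transport-Security", "max-age=63072000; includeSubdomains; preload"))
$util.qr($securityHeaders.put("Content-Security-Policy", "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'"))
$util.qr($securityHeaders.put("X-Content-Type-Options", "nosniff"))
$util.qr($securityHeaders.put("X-Frame-Options", "DENY"))
$util.qr($securityHeaders.put("X-XSS-Protection", "1; mode=block"))
$util.qr($securityHeaders.put("Referrer-Policy", "same-origin"))

## Register every header in one call, each name defined once.
$util.http.addResponseHeaders($securityHeaders)

## The JSON result is the template's only non-whitespace output,
## exactly as in the original one-line template.
$util.toJson($ctx.result)
```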