How to dynamically add CSP nonce attributes for inline scripts/styles with AWS Lambda + CloudFront + S3 setup?
According to the official AWS documentation, I can add static Content-Security-Policy headers via AWS Lambda. But I'd like to know if there's a way to add a dynamic nonce-<base64-value> and change it every time the viewer refreshes the page?

This is how I add CSP headers via Node.js:
'use strict';
exports.handler = (event, context, callback) => {
    // Get contents of response
    const response = event.Records[0].cf.response;
    const headers = response.headers;
    // Set new headers
    headers['content-security-policy'] = [{
        key: 'Content-Security-Policy',
        value: "default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'"
    }];
    // Return modified response
    callback(null, response);
};
But how can I get the response body from Lambda?

As far as I know, there is a checkbox in the CloudFront configuration with "Send response body to lambda".
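An added example, not part of the original question: one way to issue a fresh nonce per response and place it in both the Content-Security-Policy header and the inline tags. It assumes the function already holds the HTML as a string (for example because it generates the response itself) and that the build step writes the hypothetical placeholder `__CSP_NONCE__` into each inline tag; `newNonce`, `buildCsp` and `withNonce` are names made up for this sketch.

```javascript
'use strict';
const { randomBytes } = require('crypto');

// Hypothetical placeholder the build step writes into every inline tag,
// e.g. <script nonce="__CSP_NONCE__">. It is not a CloudFront or CSP feature.
const PLACEHOLDER = '__CSP_NONCE__';

// 128 bits from the CSPRNG, base64-encoded, fresh for every response.
function newNonce() {
  return randomBytes(16).toString('base64');
}

// The policy from the question, with the nonce added to script-src and style-src.
function buildCsp(nonce) {
  return [
    "default-src 'none'",
    "img-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    `style-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
  ].join('; ');
}

// Takes a CloudFront-style response object plus the HTML text and returns a
// new response carrying the same nonce in the body and in the header.
function withNonce(response, html, nonce = newNonce()) {
  const headers = { ...response.headers };
  headers['content-security-policy'] = [
    { key: 'Content-Security-Policy', value: buildCsp(nonce) },
  ];
  // A cached copy would hand the same nonce to every viewer.
  headers['cache-control'] = [{ key: 'Cache-Control', value: 'no-store' }];
  return {
    ...response,
    headers,
    body: html.split(PLACEHOLDER).join(nonce),
    bodyEncoding: 'text',
  };
}

// Constructed sample input.
const sampleHtml =
  '<script nonce="__CSP_NONCE__">init()</script>' +
  '<style nonce="__CSP_NONCE__">p{margin:0}</style>';
const sampleResponse = { status: '200', headers: {} };

console.log(withNonce(sampleResponse, sampleHtml).body);
```

The nonce only helps if it is unpredictable per response, which is why the example marks the result `no-store`; a page served from the CloudFront cache would repeat one nonce to every viewer.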