Question:
I have a serverless API which is working with Serverless Framework version 1.25.
For security reasons I want to add response headers. Please help me with how I can set the headers below via the serverless.yml file. Is it necessary to add these headers for security reasons?
• Content-Security-Policy: Include default-src 'self'
• Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
• X-Content-Type-Options: nosniff
• X-XSS-Protection: 1
• Cache-Control: max-age=0; Expires=-1 or Expires: Fri, 01 Jan 1990 00:00:00 GMT; no-cache, must-revalidate
Below is my serverless application's serverless.yaml:

```yaml
service: myService

provider:
  name: aws
  runtime: nodejs6.10
  stage: dev
  region: eu-west-1
  environment:
    REGION: ${self:provider.region}
    PROJECT_NAME: ${self:custom.projectName}
    SERVERLESS_STAGE: ${self:provider.stage}
    SERVERLESS_SERVICE: ${self:service}
    IP_ADDRESS: http://example.com
functions:
  getMyFunction:
    handler: handler.getMyFunction
    timeout: 30
    events:
      - http:
          method: get
          path: api/getMyFunction/v1
          integration: lambda
          cors: true
          authorizer:
            name: authorizerFunc
            identitySource: method.request.header.Token
          authorizationType: AWS_IAM
```
Answer:
You can use Lambda Proxy Integration. Based on the documentation, you need to create a function which will run when someone accesses your API endpoint.
As an example:
```javascript
module.exports.hello = function (event, context, callback) {
  console.log(event); // Contains incoming request data (e.g., query params, headers and more)

  const response = {
    statusCode: 200,
    headers: {
      "x-custom-header": "My Header Value"
    },
    body: JSON.stringify({ "message": "Hello World!" })
  };

  callback(null, response);
};
```
And in your serverless.yml:

```yaml
functions:
  index:
    handler: handler.hello
    events:
      - http: GET hello
```
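
Applying the answer's approach to the headers listed in the question, as an added example that is not code from the original post: a wrapper that attaches the security headers to every Lambda Proxy response, including error responses. The names `withSecurityHeaders` and `SECURITY_HEADERS` and the sample handler are hypothetical, and the event is assumed to use Lambda Proxy Integration as the answer suggests.

```javascript
"use strict";

// Values from the question. Cache-Control directives are comma-separated,
// and Expires is sent as its own header rather than inside Cache-Control.
const SECURITY_HEADERS = {
  "Content-Security-Policy": "default-src 'self'",
  "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
  "X-Content-Type-Options": "nosniff",
  "X-XSS-Protection": "1", // ignored by current browsers; CSP is the effective control
  "Cache-Control": "no-cache, must-revalidate, max-age=0",
  "Expires": "Fri, 01 Jan 1990 00:00:00 GMT"
};
const RESERVED = Object.keys(SECURITY_HEADERS).map(function (k) { return k.toLowerCase(); });

// Wrap a callback-style Lambda Proxy handler (hypothetical helper) so that
// every response, success or failure, carries the security headers.
function withSecurityHeaders(handler) {
  return function (event, context, callback) {
    function finish(err, response) {
      if (err || !response) {
        // Log the detail server-side and return a generic 500 to the client.
        console.error(err);
        response = { statusCode: 500, body: JSON.stringify({ message: "Internal error" }) };
      }
      // Drop handler-set headers that collide (case-insensitively) with a
      // security header, so the policy values always win.
      const merged = {};
      Object.keys(response.headers || {}).forEach(function (k) {
        if (RESERVED.indexOf(k.toLowerCase()) === -1) merged[k] = response.headers[k];
      });
      Object.assign(merged, SECURITY_HEADERS);
      callback(null, Object.assign({}, response, { headers: merged }));
    }
    try { handler(event, context, finish); } catch (e) { finish(e); }
  };
}

// Hypothetical handler standing in for the question's getMyFunction.
const getMyFunction = withSecurityHeaders(function (event, context, callback) {
  callback(null, { statusCode: 200, headers: { "cache-control": "public" }, body: JSON.stringify({ message: "Hello World!" }) });
});

// Export for the Lambda runtime (handler: handler.getMyFunction).
if (typeof module !== "undefined") module.exports = { withSecurityHeaders: withSecurityHeaders, getMyFunction: getMyFunction };
```
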