diff --git a/.changeset/healthy-readers-travel.md b/.changeset/healthy-readers-travel.md new file mode 100644 index 00000000..c619803a --- /dev/null +++ b/.changeset/healthy-readers-travel.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-docker-cluster": minor +--- + +The cache policy now defaults to the recommended policy for an Application Load Balancer origin. diff --git a/.changeset/seven-coats-bake.md b/.changeset/seven-coats-bake.md new file mode 100644 index 00000000..af490970 --- /dev/null +++ b/.changeset/seven-coats-bake.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-site-distribution": minor +--- + +Custom cache policies are now supported. diff --git a/.changeset/twenty-mails-fry.md b/.changeset/twenty-mails-fry.md new file mode 100644 index 00000000..0fddbe01 --- /dev/null +++ b/.changeset/twenty-mails-fry.md @@ -0,0 +1,5 @@ +--- +"@codedazur/cdk-site-distribution": patch +--- + +Cross origin embedding is now allwed by default. diff --git a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts index 8a7ee63b..da9b4903 100644 --- a/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts +++ b/packages/cdk-docker-cluster/src/constructs/DockerCluster.ts @@ -3,7 +3,7 @@ import { SiteDistributionProps, } from "@codedazur/cdk-site-distribution"; import { App } from "aws-cdk-lib"; -import { OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront"; +import { CachePolicy, OriginProtocolPolicy } from "aws-cdk-lib/aws-cloudfront"; import { LoadBalancerV2Origin } from "aws-cdk-lib/aws-cloudfront-origins"; import { Platform } from "aws-cdk-lib/aws-ecr-assets"; import { @@ -122,11 +122,24 @@ export class DockerCluster extends Construct { } protected createDistribution() { + /** + * This retrieves the managed "UseOriginCacheControlHeaders-QueryStrings" + * cache policy, which is designed for use with an origin that sends + * Cache-Control headers with the object and includes query strings in the + * cache key. + */ + const cachePolicy = CachePolicy.fromCachePolicyId( + this, + "CachePolicy", + "4cc15a8a-d715-48a4-82b8-cc0b614638fe", + ); + return new SiteDistribution(this, "Distribution", { ...this.props.distribution, origin: new LoadBalancerV2Origin(this.service.loadBalancer, { protocolPolicy: OriginProtocolPolicy.HTTP_ONLY, }), + cachePolicy, }); } diff --git a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts index 9c915daf..527e791c 100644 --- a/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts +++ b/packages/cdk-site-distribution/src/constructs/SiteDistribution.ts @@ -10,6 +10,7 @@ import { Distribution, FunctionCode, FunctionEventType, + ICachePolicy, IOrigin, PriceClass, ViewerProtocolPolicy, @@ -40,6 +41,7 @@ export interface SiteDistributionProps { subdomain?: string; zone?: IHostedZone; }; + cachePolicy?: ICachePolicy; invalidateCache?: boolean | string[]; } @@ -258,6 +260,7 @@ export class SiteDistribution extends Construct { /** * @todo Make these headers configurable. * @todo Research CSP and define a good default. + * @todo Enable customizable X-Frame-Options. */ protected getSecurityHeadersCode() { return FunctionCode.fromInline(/* js */ ` @@ -275,9 +278,9 @@ export class SiteDistribution extends Construct { value: "nosniff", }; - event.response.headers["x-frame-options"] = { - value: "SAMEORIGIN", - }; + // event.response.headers["x-frame-options"] = { + // value: "SAMEORIGIN", + // }; return next(event); } @@ -310,6 +313,7 @@ export class SiteDistribution extends Construct { ] : []), ], + cachePolicy: this.props.cachePolicy, }, });