diff --git a/package-lock.json b/package-lock.json index fb0baa40..e0904b35 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9780,7 +9780,7 @@ }, "packages/feature-env-handlers": { "name": "@aligent/cdk-feature-env-handlers", - "version": "0.1.0", + "version": "2.0.1", "license": "GPL-3.0-only", "dependencies": { "source-map-support": "^0.5.21" @@ -9836,7 +9836,7 @@ }, "packages/lambda-at-edge-handlers": { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "0.1.1", "license": "GPL-3.0-only", "dependencies": { "axios": "^1.5.1", @@ -9848,7 +9848,7 @@ }, "packages/prerender-fargate": { "name": "@aligent/cdk-prerender-fargate", - "version": "2.3.8", + "version": "2.5.1", "license": "GPL-3.0-only", "dependencies": { "@aws-cdk/aws-apigatewayv2-alpha": "2.30.0-alpha.0", @@ -9924,7 +9924,7 @@ }, "packages/static-hosting": { "name": "@aligent/cdk-static-hosting", - "version": "2.3.4", + "version": "2.4.0", "license": "GPL-3.0-only", "dependencies": { "@aligent/cdk-esbuild": "^2.0", @@ -9946,7 +9946,7 @@ }, "packages/waf": { "name": "@aligent/cdk-waf", - "version": "2.0.0", + "version": "2.1.0", "license": "GPL-3.0-only", "dependencies": { "aws-cdk-lib": "2.113.0", diff --git a/packages/feature-env-handlers/lib/viewer-request.ts b/packages/feature-env-handlers/lib/viewer-request.ts index 74dcfdb2..2d50818a 100644 --- a/packages/feature-env-handlers/lib/viewer-request.ts +++ b/packages/feature-env-handlers/lib/viewer-request.ts @@ -6,6 +6,7 @@ export const handler = async ( ): Promise => { const { request } = event.Records[0].cf; + // Consumed by OriginRequest Lambda@Edge for Feature Environment functionality. request.headers["x-forwarded-host"] = [ { value: request.headers.host[0].value, diff --git a/packages/feature-env-handlers/package-lock.json b/packages/feature-env-handlers/package-lock.json index 6d78e486..cdbe1273 100644 --- a/packages/feature-env-handlers/package-lock.json +++ b/packages/feature-env-handlers/package-lock.json @@ -1,12 +1,12 @@ { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "2.0.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "2.0.1", "license": "GPL-3.0-only", "dependencies": { "@types/aws-lambda": "^8.10.77", diff --git a/packages/feature-env-handlers/package.json b/packages/feature-env-handlers/package.json index f25f7b26..63f0dd9e 100644 --- a/packages/feature-env-handlers/package.json +++ b/packages/feature-env-handlers/package.json @@ -1,6 +1,6 @@ { "name": "@aligent/cdk-feature-env-handlers", - "version": "0.1.0", + "version": "2.0.1", "description": "Cloudfront Lambda@Edge handlers to allow feature environments to function", "main": "index.js", "scripts": { diff --git a/packages/lambda-at-edge-handlers/lib/prerender-check.ts b/packages/lambda-at-edge-handlers/lib/prerender-check.ts index b9a93e14..ef4d991d 100644 --- a/packages/lambda-at-edge-handlers/lib/prerender-check.ts +++ b/packages/lambda-at-edge-handlers/lib/prerender-check.ts @@ -17,8 +17,10 @@ export const handler = async ( if ( !IS_FILE.test(request.uri) && IS_BOT.test(request.headers["user-agent"][0].value) && + // Check if the request is from Prerender service !request.headers["x-prerender"] ) { + // Consumed by OriginRequest Lambda@Edge to determine if this request needs to be send to Prerender service rather than other origins. request.headers["x-request-prerender"] = [ { key: "x-request-prerender", @@ -26,6 +28,7 @@ export const handler = async ( }, ]; + // Consumed by OriginRequest Lambda@Edge, only when x-request-prerender header is set. Prerender service will send request to this host. request.headers["x-prerender-host"] = [ { key: "X-Prerender-Host", value: request.headers.host[0].value }, ]; diff --git a/packages/lambda-at-edge-handlers/package-lock.json b/packages/lambda-at-edge-handlers/package-lock.json index 6d78e486..7430fdfc 100644 --- a/packages/lambda-at-edge-handlers/package-lock.json +++ b/packages/lambda-at-edge-handlers/package-lock.json @@ -1,12 +1,12 @@ { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "0.1.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "0.1.1", "license": "GPL-3.0-only", "dependencies": { "@types/aws-lambda": "^8.10.77", diff --git a/packages/lambda-at-edge-handlers/package.json b/packages/lambda-at-edge-handlers/package.json index 087c22d1..3a6d3933 100644 --- a/packages/lambda-at-edge-handlers/package.json +++ b/packages/lambda-at-edge-handlers/package.json @@ -1,6 +1,6 @@ { "name": "@aligent/cdk-lambda-at-edge-handlers", - "version": "0.1.0", + "version": "0.1.1", "description": "A Cloudfront Lambda@Edge handlers powered by Middy", "main": "index.js", "scripts": { diff --git a/packages/static-hosting/lib/path-remap.ts b/packages/static-hosting/lib/path-remap.ts index 97775739..98686aa5 100644 --- a/packages/static-hosting/lib/path-remap.ts +++ b/packages/static-hosting/lib/path-remap.ts @@ -33,7 +33,7 @@ export class PathRemapFunction extends Construct { local: new Esbuild({ entryPoints: [join(__dirname, "handlers/remap.ts")], define: { - "process.env.REMAP_PATH": options.path, + "process.env.REMAP_PATH": `"${options.path}"`, }, }), }, diff --git a/packages/static-hosting/lib/static-hosting.ts b/packages/static-hosting/lib/static-hosting.ts index 46786ec4..3f312546 100644 --- a/packages/static-hosting/lib/static-hosting.ts +++ b/packages/static-hosting/lib/static-hosting.ts @@ -2,27 +2,27 @@ import { Construct } from "constructs"; import { CfnOutput, Duration, RemovalPolicy } from "aws-cdk-lib"; import { Certificate } from "aws-cdk-lib/aws-certificatemanager"; import { + BehaviorOptions, + CacheHeaderBehavior, + CachePolicy, + CfnDistribution, Distribution, DistributionProps, + EdgeLambda, + ErrorResponse, HttpVersion, + IDistribution, + IResponseHeadersPolicy, + IOriginAccessIdentity, + LambdaEdgeEventType, + OriginAccessIdentity, + OriginRequestHeaderBehavior, + OriginRequestPolicy, PriceClass, ResponseHeadersPolicy, SecurityPolicyProtocol, SSLMethod, ViewerProtocolPolicy, - BehaviorOptions, - ErrorResponse, - EdgeLambda, - CfnDistribution, - OriginRequestPolicy, - CachePolicy, - OriginRequestHeaderBehavior, - CacheHeaderBehavior, - IResponseHeadersPolicy, - LambdaEdgeEventType, - OriginAccessIdentity, - IDistribution, - IOriginAccessIdentity, } from "aws-cdk-lib/aws-cloudfront"; import { HttpOrigin, S3Origin } from "aws-cdk-lib/aws-cloudfront-origins"; import { @@ -246,6 +246,16 @@ export interface StaticHostingProps { */ defaultBehaviorCachePolicy?: CachePolicy; + /** + * Additional headers to include in OriginRequestHeaderBehavior + */ + additionalDefaultOriginRequestHeaders?: string[]; + + /** + * Additional headers to include in CacheHeaderBehavior + */ + additionalDefaultCacheKeyHeaders?: string[]; + /** * After switching constructs, you need to maintain the same logical ID * for the underlying CfnDistribution if you wish to avoid the deletion @@ -425,23 +435,36 @@ export class StaticHosting extends Construct { }); let backendOrigin = undefined; + const additionalDefaultOriginRequestHeaders = + props.additionalDefaultOriginRequestHeaders || []; + const originRequestHeaderBehaviorAllowList = [ + "x-forwarded-host", // Consumed by OriginRequest Lambda@Edge for Feature Environment functionality. + "x-request-prerender", // Consumed by OriginRequest Lambda@Edge to determine if this request needs to be send to Prerender service rather than other origins. + "x-prerender-host", // Consumed by OriginRequest Lambda@Edge, only when x-request-prerender header is set. Prerender service will send request to this host. + "x-prerender", // Consumed, if configured, by origin's custom features, such as GeoRedirection, the behave of which should depend on whether the request is from an end user. + "x-prerender-user-agent", // Consumed by Prerender service for logging original user agent rather than CloudFront's + ...additionalDefaultOriginRequestHeaders, + ]; const originRequestPolicy = props.defaultBehaviorRequestPolicy || new OriginRequestPolicy(this, "S3OriginRequestPolicy", { headerBehavior: OriginRequestHeaderBehavior.allowList( - "x-forwarded-host", - "x-request-prerender", - "x-prerender" + ...originRequestHeaderBehaviorAllowList ), }); + const additionalDefaultCacheKeyHeaders = + props.additionalDefaultCacheKeyHeaders || []; + const cacheHeaderBehaviorAllowList = [ + "x-forwarded-host", // Origin response may vary depending on the domain/path based on Feature Environment + "x-prerender", // Origin response may vary depending on whether the request is from end user or prerender service. + ...additionalDefaultCacheKeyHeaders, + ]; const originCachePolicy = props.defaultBehaviorCachePolicy || new CachePolicy(this, "S3OriginCachePolicy", { headerBehavior: CacheHeaderBehavior.allowList( - "x-forwarded-host", - "x-request-prerender", - "x-prerender" + ...cacheHeaderBehaviorAllowList ), enableAcceptEncodingBrotli: true, enableAcceptEncodingGzip: true, @@ -479,7 +502,7 @@ export class StaticHosting extends Construct { origin: s3Origin, viewerProtocolPolicy: ViewerProtocolPolicy.REDIRECT_TO_HTTPS, edgeLambdas: defaultBehaviorEdgeLambdas, - originRequestPolicy: originRequestPolicy, + originRequestPolicy, cachePolicy: originCachePolicy, responseHeadersPolicy: responseHeadersPolicy, }; @@ -540,7 +563,7 @@ export class StaticHosting extends Construct { } const distributionProps: DistributionProps = { - domainNames: domainNames, + domainNames, webAclId: props.webAclArn, comment: props.comment, defaultRootObject: defaultRootObject, @@ -557,8 +580,8 @@ export class StaticHosting extends Construct { "DomainCertificate", props.certificateArn ), - defaultBehavior: defaultBehavior, - additionalBehaviors: additionalBehaviors, + defaultBehavior, + additionalBehaviors, errorResponses: props.enableErrorConfig ? errorResponses : [], }; diff --git a/packages/static-hosting/package.json b/packages/static-hosting/package.json index 4bbfcd06..d4f4913a 100644 --- a/packages/static-hosting/package.json +++ b/packages/static-hosting/package.json @@ -1,6 +1,6 @@ { "name": "@aligent/cdk-static-hosting", - "version": "2.3.4", + "version": "2.4.0", "main": "index.js", "license": "GPL-3.0-only", "homepage": "https://github.com/aligent/aws-cdk-static-hosting-stack#readme",