I have a serverless API that works with Serverless Framework version 1.25.
For security reasons, I want to add response headers. Please help me set the following headers through the serverless.yml file. Is it necessary to add these headers for security?
• Content-Security-Policy: include default-src 'self'
• Strict-Transport-Security max-age=31536000; includeSubDomains; preload
• X-Content-Type-Options: nosniff
• X-XSS-Protection: 1
• Cache-Control: max-age = 0; Expires = -1 or Expires: Fri, 01 Jan 1990 00:00:00 GMT; no-cache, must-revalidate
Below is the serverless.yaml of my serverless application:
```yaml
service: myService
provider:
  name: aws
  runtime: nodejs6.10
  stage: dev
  region: eu-west-1
  environment:
    REGION: ${self:provider.region}
    PROJECT_NAME: ${self:custom.projectName}
    SERVERLESS_STAGE: ${self:provider.stage}
    SERVERLESS_SERVICE: ${self:service}
    IP_ADDRESS: http://example.com
functions:
  getMyFunction:
    handler: handler.getMyFunction
    timeout: 30
    events:
      - http:
          method: get
          path: api/getMyFunction/v1
          integration: lambda
          cors: true
          authorizer:
            name: authorizerFunc
            identitySource: method.request.header.Token
          authorizationType: AWS_IAM
```
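An added example, not part of the original post: a small Node.js check that audits a response's headers against the five headers listed in the question, reporting which are missing and which are present but weaker than the values asked for. The rule table, the function name `auditSecurityHeaders` and the sample responses are constructed for illustration.

```javascript
// Added example. Rules mirror the header list in the question; all names are assumptions.
const RULES = {
  'content-security-policy': v => /(^|;)\s*default-src\s[^;]*'self'/i.test(v),
  'strict-transport-security': v => {
    const m = /max-age\s*=\s*(\d+)/i.exec(v);
    return m !== null && Number(m[1]) >= 31536000 && /includeSubDomains/i.test(v);
  },
  'x-content-type-options': v => v.trim().toLowerCase() === 'nosniff',
  'x-xss-protection': v => v.trim().startsWith('1'),
  'cache-control': v => {
    const directives = v.toLowerCase().split(',').map(d => d.trim());
    return directives.includes('no-cache') && directives.includes('must-revalidate');
  },
};

// Returns which required headers are absent and which are present but too weak.
function auditSecurityHeaders(headers) {
  const seen = {};
  for (const name of Object.keys(headers)) {
    seen[name.toLowerCase()] = String(headers[name]); // header names are case-insensitive
  }
  const missing = [];
  const weak = [];
  for (const name of Object.keys(RULES)) {
    if (!(name in seen)) missing.push(name);
    else if (!RULES[name](seen[name])) weak.push(name);
  }
  return { ok: missing.length === 0 && weak.length === 0, missing, weak };
}

// Constructed sample: a response carrying only content-type and CORS headers.
const corsOnly = { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' };

// Constructed sample: all five headers present, but HSTS has a short max-age.
const partial = {
  'Content-Security-Policy': "default-src 'self'",
  'Strict-Transport-Security': 'max-age=300',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1',
  'Cache-Control': 'max-age=0, no-cache, must-revalidate',
};

console.log(auditSecurityHeaders(corsOnly));
console.log(auditSecurityHeaders(partial));
```

Feeding it the headers of a deployed endpoint's response shows whether the serverless.yml change actually reached the client, since a header configured but not mapped onto the response appears under `missing`.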