fix: Add redirect to https viewer protocol policy (#1378)

Fixes #1351 by making use of the [viewer protocol policy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-viewerprotocolpolicy) of Cloudfront distributions. * Enforces https redirects for clients that do not support HSTS header * Applied to all behaviors of Cloudfront distribution ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
cdklabs · Feb 1, 2024 · 3c02595 · 3c02595
1 parent 1cc2245
commit 3c02595
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 42 deletions.
diff --git a/src/__tests__/__snapshots__/construct-hub.test.ts.snap b/src/__tests__/__snapshots__/construct-hub.test.ts.snap
diff --git a/src/__tests__/devapp/__snapshots__/snapshot.test.ts.snap b/src/__tests__/devapp/__snapshots__/snapshot.test.ts.snap
diff --git a/src/webapp/index.ts b/src/webapp/index.ts
@@ -200,6 +200,7 @@ export class WebApp extends Construct {
           eventType: cloudfront.FunctionEventType.VIEWER_RESPONSE,
         },
       ],
+      viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
     };
 
     const websiteOrigin = new origins.S3Origin(this.bucket);
-Original file line number
+Diff line change
@@ Expand Up / @@ -200,6 +200,7 @@ export class WebApp extends Construct { @@
               eventType: cloudfront.FunctionEventType.VIEWER_RESPONSE,
             },
           ],
+          viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
         };
         const websiteOrigin = new origins.S3Origin(this.bucket);
@@ Expand Down @@