I’m trying to set the X-Content-Type-Options header to nosniff, but nothing I did below is working when I’m developing locally. Do the headers not work locally or something? I’ve found no documentation on the X-Content-Type-Options header in any recent documentation/questions.
```yaml
custom:
  ...
  apiGatewayServiceProxies:
    - s3:
        path: /
        method: get
        action: GetObject
        bucket:
          Ref: S3Bucket
        key: index.html
        cors: true
        acceptParameters:
          'method.request.header.Accept': true
          'method.request.header.Content-Type': true
          'method.request.header.X-Content-Type-Options': true
          'method.response.header.X-Content-Type-Options': true
        requestParameters:
          'integration.request.header.Accept': 'method.request.header.Accept'
          'integration.request.header.Content-Type': 'method.request.header.Content-Type'
          'integration.request.path.path': 'method.request.path.path'
          'integration.request.path.object': 'context.requestId'
          'integration.request.header.X-Content-Type-Options': 'nosniff'
        response:
          'integration.response.header.X-Content-Type-Options': 'nosniff'
    - s3:
        path: /{path+}
        method: get
        action: GetObject
        bucket:
          Ref: S3Bucket
        pathOverride: 'index.html'
        cors: true
        acceptParameters:
          'method.request.header.Accept': true
          'method.request.header.Content-Type': true
          'method.request.header.X-Content-Type-Options': true
          'method.response.header.X-Content-Type-Options': true
        requestParameters:
          'integration.request.header.Accept': 'method.request.header.Accept'
          'integration.request.header.Content-Type': 'method.request.header.Content-Type'
          'integration.request.path.path': 'method.request.path.path'
          'integration.request.path.object': 'context.requestId'
          'integration.request.header.X-Content-Type-Options': 'nosniff'
        response:
          'integration.response.header.X-Content-Type-Options': 'nosniff'
```