more caching improvements

2025-04-26 16:28:28 -04:00 · 2019-02-15 14:52:14 -05:00 · 2019-02-15 14:52:14 -05:00 · 1ea464b1ac
commit 1ea464b1ac
parent d00951a09e
2 changed files with 62 additions and 6 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -31,18 +31,22 @@ deploy:
    - aws s3 sync ./public s3://$S3_BUCKET_NAME --delete --cache-control "max-age=86400, public" --metadata-directive "REPLACE"

    # set certain content-types manually because S3 sucks at guessing
-    - aws s3 cp --exclude "*" --include "*.ico" --content-type="image/x-icon" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.ico" --content-type="image/x-icon" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.svg" --content-type="image/svg+xml" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.ttf" --content-type="font/ttf" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.otf" --content-type="font/otf" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.eot" --content-type="application/vnd.ms-fontobject" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.woff" --content-type="font/woff" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
    - aws s3 cp --exclude "*" --include "*.woff2" --content-type="font/woff2" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
-    - aws s3 cp --exclude "*" --include "*.xml" --content-type="text/xml" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
-    - aws s3 cp --exclude "*" --include "*.mp4" --content-type="video/mp4" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
-    - aws s3 cp --exclude "*" --include "*.webm" --content-type="video/webm" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
-    - aws s3 cp --exclude "*" --include "*.docx" --content-type="application/vnd.openxmlformats-officedocument.wordprocessingml.document" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
-    - aws s3 cp --exclude "*" --include "*.pdf" --content-type="application/pdf" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.xml" --content-type="text/xml" --cache-control "max-age=3600, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.mp4" --content-type="video/mp4" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.webm" --content-type="video/webm" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.docx" --content-type="application/vnd.openxmlformats-officedocument.wordprocessingml.document" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --exclude "*" --include "*.pdf" --content-type="application/pdf" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+
+    # a few caching improvements
+    - aws s3 cp --exclude "*" --include "*.jpg" --include "*.png" --include "*.gif" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME
+    - aws s3 cp --content-type="text/plain; charset=utf-8" --cache-control "max-age=0, no-cache, no-store" --content-disposition "inline; filename=\"jarvis.asc\"" --metadata-directive="REPLACE" s3://$S3_BUCKET_NAME/jarvis.asc s3://$S3_BUCKET_NAME/jarvis.asc

    # invalidate entire CloudFront cache
    - aws cloudfront create-invalidation --distribution-id $DISTRIBUTION_ID --paths "/*";
--- a/lambda.js
+++ b/lambda.js
@ -0,0 +1,52 @@
+'use strict';
+exports.handler = (event, context, callback) => {
+    // Get contents of response
+    const response = event.Records[0].cf.response;
+
+    response.headers['Strict-Transport-Security'] = [{
+      key: 'Strict-Transport-Security',
+      value: "max-age=31536000; includeSubdomains"
+    }];
+    response.headers['X-Frame-Options'] = [{
+      key: 'X-Frame-Options',
+      value: "SAMEORIGIN"
+    }];
+    response.headers['X-Content-Type-Options'] = [{
+      key: 'X-Content-Type-Options',
+      value: "nosniff"
+    }];
+    response.headers['Referrer-Policy'] = [{
+      key: 'Referrer-Policy',
+      value: "same-origin"
+    }];
+    response.headers['X-XSS-Protection'] = [{
+      key: 'X-XSS-Protection',
+      value: "1; mode=block; report=https://jarvis.report-uri.com/r/d/xss/enforce"
+    }];
+//    response.headers['Accept-Ranges'] = [{
+//      key: 'Accept-Ranges',
+//      value: "bytes"
+//    }];
+    response.headers['Content-Security-Policy'] = [{
+      key: 'Content-Security-Policy',
+      value: "default-src 'self'; script-src 'self' stats.jarv.is 'sha256-TLAu2p9kt4LHt+sWwE0cvqq1Ok5LoGzRPrw7+mzhX00='; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; frame-src 'self'; connect-src 'self' jarvis.report-uri.com stats.jarv.is; upgrade-insecure-requests; report-uri https://jarvis.report-uri.com/r/d/csp/enforce"
+    }];
+    response.headers['X-DNS-Prefetch-Control'] = [{
+      key: 'X-DNS-Prefetch-Control',
+      value: "off"
+    }];
+    response.headers['X-UA-Compatible'] = [{
+      key: 'X-UA-Compatible',
+      value: "IE=edge"
+    }];
+    response.headers['Expect-CT'] = [{
+      key: 'Expect-CT',
+      value: "max-age=0, report-uri=https://jarvis.report-uri.com/r/d/ct/reportOnly"
+    }];
+
+    delete response.headers['Last-Modified'];
+    delete response.headers['Expires'];
+
+    // Return modified response
+    callback(null, response);
+};