Custom headers on Amazon S3

Asked 18/1, 2012 at 20:27 Answered 17/11, 2021 at 7:42

Solved amazon-web-services amazon-s3 http-headers

Is it possible to have custom headers on Amazon S3 with arbitrary naming?

For example, I am using a CDN pointing to Amazon S3 as the origin server, and in order to enable advanced functionality on the CDN I need to use a custom header x-something-something...

I see it's possible to do this with x-amz-meta-(something) but what about something more general like x-(something)-(something) without the amz?

Amazon S3 custom headers

Dissimulate answered 18/1, 2012 at 20:27 Comment(1)

What can you not accomplish with the headers prefixed in that way? – Muskogee 18/1, 2012 at 21:10

I don't think it is possible with their current API. They cover the major headers you will need for caching and browser interoperability.

I think they are being safe in only allowing x-amz-meta- prefixed custom headers, possibly to keep from clashing with user selected headers when they update their api in the future.

If you need custom attributes attached to your objects, it should be trivial to parse out the x-amz-meta- in your client application.

Muskogee answered 18/1, 2012 at 21:13 Comment(4)

"Trivial" if you control the client application... but if it is some third party, it's not so trivial! – Dissimulate 22/6, 2012 at 17:23

@Dissimulate I suppose if you don't access AWS directly you are beholden to the limitations of whatever you are using. – Muskogee 22/6, 2012 at 18:1

Thanks, I was wondering why I couldn't set custom headers on my own. The x-amz-meta-prefix did it indeed (a fact poorly documented by Amazon). – Edda 22/9, 2014 at 15:19

I am using their static website hosting solution and i want to set X-Frame-Options. But now i can't, I need to think of some other solution – Leonardo 28/3, 2017 at 9:38

This beautiful article explains it all: Serving custom headers from static sites on CloudFront/S3 with Lambda@Edge

tldr:

You can't—do it only with S3. You need to use CloudFront and Lambda via Lambda@Edge. It's an integration between Lambda and CloudFront. It allows you to run Lambdas within the CloudFront. This allows you to change headers among other things. So if you are ok accessing your S3 via CloudFront then this could be a viable option.

Leonardo answered 7/4, 2017 at 16:18 Comment(2)

See also #63204119 – Evert 3/3, 2021 at 17:43

Now we can do this using reponse header policy see https://mcmap.net/q/500650/-how-to-add-headers-to-cloudfront-response – Supposititious 16/11, 2021 at 10:45

I don't think it is possible with their current API. They cover the major headers you will need for caching and browser interoperability.

I think they are being safe in only allowing x-amz-meta- prefixed custom headers, possibly to keep from clashing with user selected headers when they update their api in the future.

If you need custom attributes attached to your objects, it should be trivial to parse out the x-amz-meta- in your client application.

Muskogee answered 18/1, 2012 at 21:13 Comment(4)

"Trivial" if you control the client application... but if it is some third party, it's not so trivial! – Dissimulate 22/6, 2012 at 17:23

@Dissimulate I suppose if you don't access AWS directly you are beholden to the limitations of whatever you are using. – Muskogee 22/6, 2012 at 18:1

Thanks, I was wondering why I couldn't set custom headers on my own. The x-amz-meta-prefix did it indeed (a fact poorly documented by Amazon). – Edda 22/9, 2014 at 15:19

I am using their static website hosting solution and i want to set X-Frame-Options. But now i can't, I need to think of some other solution – Leonardo 28/3, 2017 at 9:38

Amazon now natively supports adding security headers.

Blog with information: Amazon CloudFront introduces Response Headers Policies

Documentation: create-response-headers-policy

Leonardo answered 17/11, 2021 at 7:42 Comment(0)

I was able to achieve this using the s3cmd tool. I wrote a sync script that syncs my static site using the --cache-control parameter on the AWS client tool and then manually resets it and adds a couple of other headers for a few specific files:

cd /appropriatedirectory

# Delete current site
aws s3 rm s3://yourbucket --recursive --exclude 'logs/*'

# Upload new site, setting cache header to 1 month for all files
aws s3 sync . s3://yourbucket --exclude '.idea/\*' --exclude '.git/\*' --exclude '.gitignore' --cache-control max-age=2592000

# Overrides the cache headers for some file
python /pathToS3cmd/s3cmd  modify --add-header="Cache-Control:no-cache,no-store,must-revalidate" s3://yourbucket/somefile.html
python /pathToS3cmd/s3cmd/s3cmd  modify --add-header="Expires:0" s3://yourbucket/somefile.html
python /pathToS3cmd/s3cmd/s3cmd  modify --add-header="Pragma:no-cache" s3://yourbucket/somefile.html

Poco answered 22/9, 2017 at 18:35 Comment(2)

This has some cruft in it for ignoring logs, IntelliJ, and Git files. I left it in as a hopefully helpful example of a practical sync script. – Poco 22/9, 2017 at 18:38

Unfortunately, only a restricted set of headers is supported. Standard cache control related headers are supported though. docs.aws.amazon.com/AmazonS3/latest/API/… – Electromotor 18/4, 2018 at 15:40

Recommended topics

Hot tags