Debug Lambda
Draft
I borrowed a script from this article, Serving custom headers from static sites on CloudFront_S3 with Lambda@Edge, and decided I’d like to have tools setup locally to troubleshoot such a script. This article suggests some of the steps I took.
brew unlink node
brew install node@6
brew link node@6
npm install lambda-tester mocha chai --save-dev
Here is the test file.
// test.js
const LambdaTester = require('lambda-tester');
const expect = require('chai').expect;
const myHandler = require('./handler').handler;
describe('handler', function() {
it( 'test success', function() {
return LambdaTester(myHandler)
.event({"Records": [{"cf": {"response": {"headers": {}}}}]})
.expectResult((result) => {
expect(
result['headers']['X-Content-Type-Options'][0]
).to.deep.equal(
{
'key' : 'X-Content-Type-Options',
'value' : 'nosniff'
})
})
})
})
And here is a handler script that passes this test.
// handler.js
'use strict';
exports.handler = (event, context, callback) => {
const response = event.Records[0].cf.response;
var csp =
"default-src 'none'; " +
"img-src 'self';" +
"script-src 'self'; " +
"style-src 'self' 'unsafe-url';" +
"object-src 'none'; " +
"frame-ancestors 'none';"
var xs = {
'X-Content-Type-Options' : 'nosniff',
'X-Frame-Options' : 'DENY',
'X-XSS-Protection' : '1; mode=block',
'Referrer-Policy' : 'same-origin',
'Content-Security-Policy' : csp
}
for (var x in xs){
response.headers[x] = [{
key: x,
value: xs[x]
}];
}
callback(null, response);
};
Here are some links for further reading.