aws-solutions
diff --git a/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎source/infrastructure/cdk.json‎
Lines changed: 4 additions & 9 deletions b/‎source/infrastructure/cdk.json‎
Lines changed: 4 additions & 9 deletions
diff --git a/‎source/infrastructure/lib/api/rest-endpoint.ts‎
Lines changed: 21 additions & 9 deletions b/‎source/infrastructure/lib/api/rest-endpoint.ts‎
Lines changed: 21 additions & 9 deletions
diff --git a/‎source/infrastructure/lib/s3web/static-site.ts‎
Lines changed: 17 additions & 1 deletion b/‎source/infrastructure/lib/s3web/static-site.ts‎
Lines changed: 17 additions & 1 deletion
diff --git a/‎source/infrastructure/lib/search/indexed-storage.ts‎
Lines changed: 4 additions & 1 deletion b/‎source/infrastructure/lib/search/indexed-storage.ts‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎source/infrastructure/package-lock.json‎
Lines changed: 2 additions & 2 deletions b/‎source/infrastructure/package-lock.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎source/infrastructure/package.json‎
Lines changed: 1 addition & 4 deletions b/‎source/infrastructure/package.json‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎source/infrastructure/test/mock-lambda-func/java-lambda/pom.xml‎
Lines changed: 4 additions & 4 deletions b/‎source/infrastructure/test/mock-lambda-func/java-lambda/pom.xml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎source/infrastructure/test/mock-lambda-func/node-lambda/package-lock.json‎
Lines changed: 2 additions & 2 deletions b/‎source/infrastructure/test/mock-lambda-func/node-lambda/package-lock.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎source/infrastructure/test/mock-lambda-func/node-lambda/package.json‎
Lines changed: 1 addition & 1 deletion b/‎source/infrastructure/test/mock-lambda-func/node-lambda/package.json‎
Lines changed: 1 addition & 1 deletion
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 =======
 
+## [1.0.7] - 2024-05-13
+
+### Security
+
+- Updated node modules to patch vulnerabilities
+
 ## [1.0.6] - 2024-03-27
 
 ### Security
 
@@ -1,9 +1,7 @@
 {
   "app": "../pre-build-jars.sh && npx ts-node --prefer-ts-exts bin/dus.ts",
   "watch": {
-    "include": [
-      "**"
-    ],
+    "include": ["**"],
     "exclude": [
       "README.md",
       "cdk*.json",
@@ -19,10 +17,7 @@
   "context": {
     "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
     "@aws-cdk/core:checkSecretUsage": true,
-    "@aws-cdk/core:target-partitions": [
-      "aws",
-      "aws-cn"
-    ],
+    "@aws-cdk/core:target-partitions": ["aws", "aws-cn"],
     "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
     "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
     "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
@@ -62,10 +57,10 @@
     "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true,
     "solution_id": "SO0281",
     "solution_name": "enhanced-document-understanding-on-aws",
-    "solution_version": "v1.0.6",
+    "solution_version": "v1.0.7",
     "app_namespace": "app.idp",
     "app_registry_name": "enhanced-document-understanding",
     "application_type": "AWS-Solutions",
     "application_trademark_name": "Enhanced Document Understanding on AWS"
   }
-}
+}
@@ -253,7 +253,7 @@ export class RestEndpoint extends Construct {
         // case creation
         caseResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: ['Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization'],
             allowMethods: ['POST']
         });
         caseResource.addMethod('POST', postRequestLambdaIntegration, {
@@ -293,7 +293,7 @@ export class RestEndpoint extends Construct {
         const caseCaseIdResource = caseResource.addResource('{caseId}');
         caseCaseIdResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: ['Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization'],
             allowMethods: ['GET']
         });
 
@@ -326,7 +326,7 @@ export class RestEndpoint extends Construct {
         const casesResource = apiRoot.addResource('cases');
         casesResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: ['Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization'],
             allowMethods: ['GET']
         });
         casesResource.addMethod('GET', getRequestLambdaIntegration, {
@@ -352,7 +352,7 @@ export class RestEndpoint extends Construct {
         // Upload a document to a case
         documentResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: ['Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization'],
             allowMethods: ['POST']
         });
         documentResource.addMethod('POST', postRequestLambdaIntegration, {
@@ -383,7 +383,7 @@ export class RestEndpoint extends Construct {
         const documentCaseIdDocIdResource = documentResource.addResource('{caseId}').addResource('{documentId}');
         documentCaseIdDocIdResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: ['Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization'],
             allowMethods: ['GET']
         });
         documentCaseIdDocIdResource.addMethod('GET', getRequestLambdaIntegration, {
@@ -415,7 +415,10 @@ export class RestEndpoint extends Construct {
         const documentDownloadResource = documentResource.addResource('download');
         documentDownloadResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: [
+                'Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization',
+                'Access-Control-Allow-Origin'
+            ],
             allowMethods: ['GET']
         });
         documentDownloadResource.addMethod('GET', getDocumentLambdaIntegration, {
@@ -450,7 +453,10 @@ export class RestEndpoint extends Construct {
             .addResource('{documentId}');
         inferencesResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: [
+                'Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization',
+                'Access-Control-Allow-Origin'
+            ],
             allowMethods: ['GET']
         });
         inferencesResource.addMethod('GET', getInferenceLambdaIntegration, {
@@ -466,7 +472,10 @@ export class RestEndpoint extends Construct {
         const inferenceResource = inferencesResource.addResource('{inferenceType}');
         inferenceResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: [
+                'Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization',
+                'Access-Control-Allow-Origin'
+            ],
             allowMethods: ['GET']
         });
         inferenceResource.addMethod('GET', getInferenceLambdaIntegration, {
@@ -487,7 +496,10 @@ export class RestEndpoint extends Construct {
         const redactResource = apiRoot.addResource('redact').addResource('{caseId}').addResource('{documentId}');
         redactResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: [
+                'Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization',
+                'Access-Control-Allow-Origin'
+            ],
             allowMethods: ['POST']
         });
         redactResource.addMethod('POST', postRedactLambdaIntegration, {
 
@@ -81,6 +81,19 @@ export class StaticWebsite extends Construct {
             iam.Role.fromRoleArn(this, 'BucketPolicyLambdaRole', props.customResourceRoleArn)
         );
 
+        const cspResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'CSPResponseHeadersPolicy', {
+            responseHeadersPolicyName: `eDU-CSPResponseHeadersPolicy-${cdk.Aws.STACK_NAME}-${cdk.Aws.REGION}`,
+            comment: 'CSP Response Headers Policy',
+            securityHeadersBehavior: {
+                contentSecurityPolicy: {
+                    contentSecurityPolicy:
+                        "default-src 'self' data: https://*.amazonaws.com; img-src 'self' data: https://*.cloudfront.net https://*.amazonaws.com; script-src 'self' http://*.cloudfront.net https://*.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.amazonaws.com; object-src 'self' https://*.amazonaws.com; worker-src 'self' blob:",
+                    override: true
+                },
+                frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true }
+            }
+        });
+
         const cloudfrontToS3 = new CloudFrontToS3(this, 'UI', {
             existingBucketObj: this.webS3Bucket,
             cloudFrontDistributionProps: {
@@ -91,7 +104,10 @@ export class StaticWebsite extends Construct {
                 ],
                 logFilePrefix: 'cloudfront/',
                 minimumProtocolVersion: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2019,
-                defaultRootObject: 'login.html'
+                defaultRootObject: 'login.html',
+                defaultBehavior: {
+                    responseHeadersPolicy: cspResponseHeadersPolicy
+                }
             }
         });
 
 
@@ -128,7 +128,10 @@ export class IndexedStorage extends Construct {
             .addResource('{query}');
         kendraSearchResource.addCorsPreflight({
             allowOrigins: ['*'],
-            allowHeaders: ['*'],
+            allowHeaders: [
+                'Content-Type, Access-Control-Allow-Headers, X-Requested-With, Authorization',
+                'Access-Control-Allow-Origin'
+            ],
             allowMethods: ['GET']
         });
 
 
@@ -1,6 +1,6 @@
 {
   "name": "enhanced-document-understanding-on-aws-infrastructure",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "bin": {
     "infrastructure": "bin/dus.js"
   },
@@ -60,9 +60,6 @@
     "source-map-support": "^0.5.21",
     "uuid": "^9.0.1"
   },
-  "overrides": {
-    "@babel/traverse": "^7.23.2"
-  },
   "exclude": [
     "node_modules",
     "cdk.out"
 
@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>example</groupId>
     <artifactId>java-lambda</artifactId>
-    <version>1.0.6</version>
+    <version>1.0.7</version>
 
     <name>mock-java-lambda</name>
 
@@ -20,7 +20,7 @@
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>bom</artifactId>
-                <version>2.22.10</version>
+                <version>2.25.50</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -54,7 +54,7 @@
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-lambda-java-events</artifactId>
-            <version>3.11.4</version>
+            <version>3.11.5</version>
         </dependency>
     </dependencies>
     <build>
@@ -88,7 +88,7 @@
                     <dependency>
                         <groupId>com.puppycrawl.tools</groupId>
                         <artifactId>checkstyle</artifactId>
-                        <version>10.12.7</version>
+                        <version>10.16.0</version>
                     </dependency>
                     <dependency>
                         <groupId>org.apache.maven.shared</groupId>
 
@@ -1,6 +1,6 @@
 {
   "name": "node-lambda",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "A mock lambda implementation for CDK infrastructure unit",
   "main": "index.js",
   "scripts": {
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "node-lambda",`
`3`		`- "version": "1.0.6",`
	`3`	`+ "version": "1.0.7",`
`4`	`4`	`"description": "A mock lambda implementation for CDK infrastructure unit",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`