From 87577577c5dd0b9c31e0fb393a7a1db13deb22a7 Mon Sep 17 00:00:00 2001
From: Benedikt Brauneck <b.brauneck@ris.ag>
Date: Mon, 13 May 2024 18:26:40 +0200
Subject: [PATCH] build: update dependencies

---
 .pre-commit-config.yaml | 15 +++++---------
 README.md               |  3 ++-
 main.tf                 | 43 ++++++++++++++++++++++++++++++-----------
 3 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 27d7f38..bb5c949 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,13 +1,13 @@
 ---
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v1.2.0
+    rev: v3.2.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
         args: []
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v4.6.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -32,25 +32,20 @@ repos:
         args:
           - -b main
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.62.0
+    rev: v1.89.1
     hooks:
       - id: terraform_fmt
-      - id: terraform_tflint
       - id: terraform_docs
         args:
           - --hook-config=--path-to-file=README.md
           - --hook-config=--add-to-existing-file=true
           - --hook-config=--create-file-if-not-exist=true
-  - repo: https://github.com/Checkmarx/kics
-    rev: v1.5.4
-    hooks:
-      - id: kics
   - repo: https://github.com/sirosen/check-jsonschema
-    rev: 0.13.0
+    rev: 0.28.3
     hooks:
       - id: check-github-workflows
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: v2.5.1
+    rev: v4.0.0-alpha.8
     hooks:
       - id: prettier
         stages: [commit]
diff --git a/README.md b/README.md
index cde5a95..8ed0029 100644
--- a/README.md
+++ b/README.md
@@ -117,7 +117,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_bucket"></a> [bucket](#module\_bucket) | git::github.com/xoap-io/terraform-aws-storage-s3.git | v0.1.0 |
+| <a name="module_bucket"></a> [bucket](#module\_bucket) | git::github.com/xoap-io/terraform-aws-storage-s3.git | v0.1.1 |
 | <a name="module_this_label"></a> [this\_label](#module\_this\_label) | git::github.com/xoap-io/terraform-aws-misc-label | v0.1.0 |
 
 ## Resources
@@ -127,6 +127,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 | [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource |
 | [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
 | [aws_cloudfront_origin_request_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource |
+| [aws_cloudfront_response_headers_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_response_headers_policy) | resource |
 
 ## Inputs
 
diff --git a/main.tf b/main.tf
index 6d6783f..5605edd 100644
--- a/main.tf
+++ b/main.tf
@@ -4,7 +4,7 @@ module "this_label" {
   attributes = ["hosting", var.site_name]
 }
 module "bucket" {
-  source                = "git::github.com/xoap-io/terraform-aws-storage-s3.git?ref=v0.1.0"
+  source                = "git::github.com/xoap-io/terraform-aws-storage-s3.git?ref=v0.1.1"
   context               = var.context
   name                  = var.site_name
   website_enabled       = true
@@ -49,6 +49,29 @@ resource "aws_cloudfront_origin_request_policy" "this" {
   }
   query_strings_config {
     query_string_behavior = "all"
+
+  }
+
+}
+resource "aws_cloudfront_response_headers_policy" "this" {
+  name = module.this_label.id
+
+  cors_config {
+    access_control_allow_credentials = false
+
+    access_control_allow_headers {
+      items = var.cors_allowed_headers
+    }
+
+    access_control_allow_methods {
+      items = concat(var.cors_allowed_methods, ["OPTIONS"])
+    }
+
+    access_control_allow_origins {
+      items = var.cors_allowed_origins
+    }
+
+    origin_override = true
   }
 }
 #tfsec:ignore:AWS045
@@ -77,16 +100,14 @@ resource "aws_cloudfront_distribution" "this" {
   default_root_object = var.default_root_object
   aliases             = var.cloudfront_aliases
   default_cache_behavior {
-    allowed_methods          = var.allowed_methods
-    cached_methods           = var.cached_methods
-    target_origin_id         = var.s3_origin_id
-    compress                 = true
-    cache_policy_id          = aws_cloudfront_cache_policy.this.id
-    origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
-    viewer_protocol_policy   = var.viewer_protocol_policy
-    min_ttl                  = var.cf_min_ttl
-    max_ttl                  = var.cf_max_ttl
-    default_ttl              = var.cf_default_ttl
+    allowed_methods            = var.allowed_methods
+    cached_methods             = var.cached_methods
+    target_origin_id           = var.s3_origin_id
+    compress                   = true
+    cache_policy_id            = aws_cloudfront_cache_policy.this.id
+    origin_request_policy_id   = aws_cloudfront_origin_request_policy.this.id
+    viewer_protocol_policy     = var.viewer_protocol_policy
+    response_headers_policy_id = aws_cloudfront_response_headers_policy.this.id
   }
   price_class = var.cf_price_class
   viewer_certificate {