From 76cc74adba877872f2e6c4a18e4cfd00314e2b93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 8 Apr 2022 18:27:55 +0000
Subject: [PATCH 1/3] Bump actions/upload-artifact from 2 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/megalinter.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/megalinter.yaml b/.github/workflows/megalinter.yaml
index c3945b4..dabb16f 100644
--- a/.github/workflows/megalinter.yaml
+++ b/.github/workflows/megalinter.yaml
@@ -26,7 +26,7 @@ jobs:
           DISABLE_LINTERS: TERRAFORM_TERRASCAN
       - name: Archive production artifacts
         if: ${{ success() }} || ${{ failure() }}
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: MegaLinter reports
           path: |

From a16bf9625bbc2bf12c33cb7e34475020b57d076d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Jun 2022 18:33:36 +0000
Subject: [PATCH 2/3] chore(deps): bump wagoid/commitlint-github-action from 4
 to 5

Bumps [wagoid/commitlint-github-action](https://github.com/wagoid/commitlint-github-action) from 4 to 5.
- [Release notes](https://github.com/wagoid/commitlint-github-action/releases)
- [Changelog](https://github.com/wagoid/commitlint-github-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/wagoid/commitlint-github-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: wagoid/commitlint-github-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/commit-message-validator.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/commit-message-validator.yaml b/.github/workflows/commit-message-validator.yaml
index 19f9692..173ce0c 100644
--- a/.github/workflows/commit-message-validator.yaml
+++ b/.github/workflows/commit-message-validator.yaml
@@ -9,4 +9,4 @@ jobs:
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v4
+      - uses: wagoid/commitlint-github-action@v5

From ef420bf594fce9884a8ade9a6f82fc8094fd66ac Mon Sep 17 00:00:00 2001
From: bbrauneck <bbrauneck@ris.ag>
Date: Thu, 23 Jun 2022 12:13:40 +0200
Subject: [PATCH 3/3] fix: added request policy

---
 README.md |  1 +
 main.tf   | 31 +++++++++++++++++++++++--------
 2 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 80b4858..cde5a95 100644
--- a/README.md
+++ b/README.md
@@ -126,6 +126,7 @@ Please be aware that this is mainly a copy operation which means all your curren
 |------|------|
 | [aws_cloudfront_cache_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_cache_policy) | resource |
 | [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
+| [aws_cloudfront_origin_request_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_request_policy) | resource |
 
 ## Inputs
 
diff --git a/main.tf b/main.tf
index 13b7270..c288935 100644
--- a/main.tf
+++ b/main.tf
@@ -28,7 +28,7 @@ resource "aws_cloudfront_cache_policy" "this" {
     enable_accept_encoding_gzip   = true
     enable_accept_encoding_brotli = true
     cookies_config {
-      cookie_behavior = "none"
+      cookie_behavior = "all"
     }
     headers_config {
       header_behavior = "none"
@@ -39,6 +39,18 @@ resource "aws_cloudfront_cache_policy" "this" {
 
   }
 }
+resource "aws_cloudfront_origin_request_policy" "this" {
+  name = module.this_label.id
+  cookies_config {
+    cookie_behavior = "all"
+  }
+  headers_config {
+    header_behavior = "none"
+  }
+  query_strings_config {
+    query_string_behavior = "all"
+  }
+}
 #tfsec:ignore:AWS045
 resource "aws_cloudfront_distribution" "this" {
   origin {
@@ -65,13 +77,16 @@ resource "aws_cloudfront_distribution" "this" {
   default_root_object = var.default_root_object
   aliases             = var.cloudfront_aliases
   default_cache_behavior {
-    allowed_methods        = var.allowed_methods
-    cached_methods         = var.cached_methods
-    target_origin_id       = var.s3_origin_id
-    compress               = true
-    cache_policy_id        = aws_cloudfront_cache_policy.this.id
-    viewer_protocol_policy = var.viewer_protocol_policy
-    min_ttl                = var.cf_min_ttl
+    allowed_methods          = var.allowed_methods
+    cached_methods           = var.cached_methods
+    target_origin_id         = var.s3_origin_id
+    compress                 = true
+    cache_policy_id          = aws_cloudfront_cache_policy.this.id
+    origin_request_policy_id = aws_cloudfront_origin_request_policy.this.id
+    viewer_protocol_policy   = var.viewer_protocol_policy
+    min_ttl                  = var.cf_min_ttl
+    max_ttl                  = var.cf_max_ttl
+    default_ttl              = var.cf_default_ttl
   }
   price_class = var.cf_price_class
   viewer_certificate {