Status: IN
CloudFront's two HTTPS enforcement options both have method-dependent behavior gaps: "Redirect HTTP to HTTPS" returns 301 only for GET/HEAD (other methods like POST get different handling), and "HTTPS Only" returns 403 for all HTTP requests — neither option provides clean HTTPS migration for API traffic using non-GET methods.