AWS::CloudFront::ResponseHeadersPolicy CorsConfig

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.

For more information about CORS, see Cross-Origin Resource Sharing (CORS) in the MDN Web Docs.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "AccessControlAllowCredentials" : Boolean,
  "AccessControlAllowHeaders" : AccessControlAllowHeaders,
  "AccessControlAllowMethods" : AccessControlAllowMethods,
  "AccessControlAllowOrigins" : AccessControlAllowOrigins,
  "AccessControlExposeHeaders" : AccessControlExposeHeaders,
  "AccessControlMaxAgeSec" : Integer,
  "OriginOverride" : Boolean
}

YAML


  AccessControlAllowCredentials: Boolean
  AccessControlAllowHeaders: 
    AccessControlAllowHeaders
  AccessControlAllowMethods: 
    AccessControlAllowMethods
  AccessControlAllowOrigins: 
    AccessControlAllowOrigins
  AccessControlExposeHeaders: 
    AccessControlExposeHeaders
  AccessControlMaxAgeSec: Integer
  OriginOverride: Boolean

Properties

AccessControlAllowCredentials

A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

For more information about the Access-Control-Allow-Credentials HTTP response header, see Access-Control-Allow-Credentials in the MDN Web Docs.

Required: Yes

Type: Boolean

Update requires: No interruption

AccessControlAllowHeaders

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

For more information about the Access-Control-Allow-Headers HTTP response header, see Access-Control-Allow-Headers in the MDN Web Docs.

Required: Yes

Type: AccessControlAllowHeaders

Update requires: No interruption

AccessControlAllowMethods

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.

For more information about the Access-Control-Allow-Methods HTTP response header, see Access-Control-Allow-Methods in the MDN Web Docs.

Required: Yes

Type: AccessControlAllowMethods

Update requires: No interruption

AccessControlAllowOrigins

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

For more information about the Access-Control-Allow-Origin HTTP response header, see Access-Control-Allow-Origin in the MDN Web Docs.

Required: Yes

Type: AccessControlAllowOrigins

Update requires: No interruption

AccessControlExposeHeaders

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

For more information about the Access-Control-Expose-Headers HTTP response header, see Access-Control-Expose-Headers in the MDN Web Docs.

Required: No

Type: AccessControlExposeHeaders

Update requires: No interruption

AccessControlMaxAgeSec

A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.

For more information about the Access-Control-Max-Age HTTP response header, see Access-Control-Max-Age in the MDN Web Docs.

Required: No

Type: Integer

Update requires: No interruption

OriginOverride

A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.

Required: Yes

Type: Boolean

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ContentTypeOptions

CustomHeader