@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
date="2023-01-25T18:29:08.451Z")
public interface CorsOptions
Resource myResource; myResource.addCorsPreflight(CorsOptions.builder() .allowOrigins(List.of("https://amazon.com")) .allowMethods(List.of("GET", "PUT")) .build());
Modifier and Type | Interface and Description |
---|---|
static class |
CorsOptions.Builder
A builder for
CorsOptions |
static class |
CorsOptions.Jsii$Proxy
An implementation for
CorsOptions |
Modifier and Type | Method and Description |
---|---|
static CorsOptions.Builder |
builder() |
default java.lang.Boolean |
getAllowCredentials()
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
|
default java.util.List<java.lang.String> |
getAllowHeaders()
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
|
default java.util.List<java.lang.String> |
getAllowMethods()
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
|
java.util.List<java.lang.String> |
getAllowOrigins()
Specifies the list of origins that are allowed to make requests to this resource.
|
default java.lang.Boolean |
getDisableCache()
Sets Access-Control-Max-Age to -1, which means that caching is disabled.
|
default java.util.List<java.lang.String> |
getExposeHeaders()
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
|
default Duration |
getMaxAge()
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
|
default java.lang.Number |
getStatusCode()
Specifies the response status code returned from the OPTIONS method.
|
java.util.List<java.lang.String> getAllowOrigins()
If you wish to allow all origins, specify Cors.ALL_ORIGINS
or
[ * ]
.
Responses will include the Access-Control-Allow-Origin
response header.
If Cors.ALL_ORIGINS
is specified, the Vary: Origin
response header will
also be included.
default java.lang.Boolean getAllowCredentials()
When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
default java.util.List<java.lang.String> getAllowHeaders()
Default: Cors.DEFAULT_HEADERS
default java.util.List<java.lang.String> getAllowMethods()
If ANY
is specified, it will be expanded to Cors.ALL_METHODS
.
Default: Cors.ALL_METHODS
default java.lang.Boolean getDisableCache()
This option cannot be used with maxAge
.
Default: - cache is enabled
default java.util.List<java.lang.String> getExposeHeaders()
If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
default Duration getMaxAge()
To disable caching altogether use disableCache: true
.
Default: - browser-specific (see reference)
default java.lang.Number getStatusCode()
Default: 204
static CorsOptions.Builder builder()
CorsOptions.Builder
of CorsOptions