software.amazon.awscdk.services.apigateway

Interface CorsOptions

All Known Implementing Classes:

CorsOptions.Jsii$Proxy

@Generated(value="jsii-pacmak/1.58.0 (build f8ba112)",
           date="2022-05-13T01:13:36.972Z")
public interface CorsOptions

Example:

 Resource myResource;
 myResource.addCorsPreflight(CorsOptions.builder()
         .allowOrigins(List.of("https://amazon.com"))
         .allowMethods(List.of("GET", "PUT"))
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	CorsOptions.Builder A builder for CorsOptions
static class	CorsOptions.Jsii$Proxy An implementation for CorsOptions

Method Summary

Modifier and Type	Method and Description
static CorsOptions.Builder	builder()
default java.lang.Boolean	getAllowCredentials() The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
default java.util.List<java.lang.String>	getAllowHeaders() The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
default java.util.List<java.lang.String>	getAllowMethods() The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
java.util.List<java.lang.String>	getAllowOrigins() Specifies the list of origins that are allowed to make requests to this resource.
default java.lang.Boolean	getDisableCache() Sets Access-Control-Max-Age to -1, which means that caching is disabled.
default java.util.List<java.lang.String>	getExposeHeaders() The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
default Duration	getMaxAge() The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
default java.lang.Number	getStatusCode() Specifies the response status code returned from the OPTIONS method.

Method Detail

getAllowOrigins

java.util.List<java.lang.String> getAllowOrigins()

Specifies the list of origins that are allowed to make requests to this resource.

If you wish to allow all origins, specify Cors.ALL_ORIGINS or [ * ].

Responses will include the Access-Control-Allow-Origin response header. If Cors.ALL_ORIGINS is specified, the Vary: Origin response header will also be included.

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

getAllowCredentials

default java.lang.Boolean getAllowCredentials()

The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".

When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.

Credentials are cookies, authorization headers or TLS client certificates.

Default: false

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials

getAllowHeaders

default java.util.List<java.lang.String> getAllowHeaders()

The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.

Default: Cors.DEFAULT_HEADERS

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

getAllowMethods

default java.util.List<java.lang.String> getAllowMethods()

The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

If ANY is specified, it will be expanded to Cors.ALL_METHODS.

Default: Cors.ALL_METHODS

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods

getDisableCache

default java.lang.Boolean getDisableCache()

Sets Access-Control-Max-Age to -1, which means that caching is disabled.

This option cannot be used with maxAge.

Default: - cache is enabled

getExposeHeaders

default java.util.List<java.lang.String> getExposeHeaders()

The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.

If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.

Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

getMaxAge

default Duration getMaxAge()

The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.

To disable caching altogether use disableCache: true.

Default: - browser-specific (see reference)

See Also:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age

getStatusCode

default java.lang.Number getStatusCode()

Specifies the response status code returned from the OPTIONS method.

Default: 204

builder

static CorsOptions.Builder builder()

Returns:

a CorsOptions.Builder of CorsOptions