@Generated(value="jsii-pacmak/1.60.0 (build ebcefe6)",
date="2022-07-01T09:58:39.387Z")
public interface ResponseHeadersCorsBehavior
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
Example:
// Using an existing managed response headers policy S3Origin bucketOrigin; Distribution.Builder.create(this, "myDistManagedPolicy") .defaultBehavior(BehaviorOptions.builder() .origin(bucketOrigin) .responseHeadersPolicy(ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS) .build()) .build(); // Creating a custom response headers policy -- all parameters optional ResponseHeadersPolicy myResponseHeadersPolicy = ResponseHeadersPolicy.Builder.create(this, "ResponseHeadersPolicy") .responseHeadersPolicyName("MyPolicy") .comment("A default policy") .corsBehavior(ResponseHeadersCorsBehavior.builder() .accessControlAllowCredentials(false) .accessControlAllowHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2")) .accessControlAllowMethods(List.of("GET", "POST")) .accessControlAllowOrigins(List.of("*")) .accessControlExposeHeaders(List.of("X-Custom-Header-1", "X-Custom-Header-2")) .accessControlMaxAge(Duration.seconds(600)) .originOverride(true) .build()) .customHeadersBehavior(ResponseCustomHeadersBehavior.builder() .customHeaders(List.of(ResponseCustomHeader.builder().header("X-Amz-Date").value("some-value").override(true).build(), ResponseCustomHeader.builder().header("X-Amz-Security-Token").value("some-value").override(false).build())) .build()) .securityHeadersBehavior(ResponseSecurityHeadersBehavior.builder() .contentSecurityPolicy(ResponseHeadersContentSecurityPolicy.builder().contentSecurityPolicy("default-src https:;").override(true).build()) .contentTypeOptions(ResponseHeadersContentTypeOptions.builder().override(true).build()) .frameOptions(ResponseHeadersFrameOptions.builder().frameOption(HeadersFrameOption.DENY).override(true).build()) .referrerPolicy(ResponseHeadersReferrerPolicy.builder().referrerPolicy(HeadersReferrerPolicy.NO_REFERRER).override(true).build()) .strictTransportSecurity(ResponseHeadersStrictTransportSecurity.builder().accessControlMaxAge(Duration.seconds(600)).includeSubdomains(true).override(true).build()) .xssProtection(ResponseHeadersXSSProtection.builder().protection(true).modeBlock(true).reportUri("https://example.com/csp-report").override(true).build()) .build()) .build(); Distribution.Builder.create(this, "myDistCustomPolicy") .defaultBehavior(BehaviorOptions.builder() .origin(bucketOrigin) .responseHeadersPolicy(myResponseHeadersPolicy) .build()) .build();
Modifier and Type | Interface and Description |
---|---|
static class |
ResponseHeadersCorsBehavior.Builder
A builder for
ResponseHeadersCorsBehavior |
static class |
ResponseHeadersCorsBehavior.Jsii$Proxy
An implementation for
ResponseHeadersCorsBehavior |
Modifier and Type | Method and Description |
---|---|
static ResponseHeadersCorsBehavior.Builder |
builder() |
java.lang.Boolean |
getAccessControlAllowCredentials()
A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
|
java.util.List<java.lang.String> |
getAccessControlAllowHeaders()
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
|
java.util.List<java.lang.String> |
getAccessControlAllowMethods()
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
|
java.util.List<java.lang.String> |
getAccessControlAllowOrigins()
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
|
default java.util.List<java.lang.String> |
getAccessControlExposeHeaders()
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
|
default Duration |
getAccessControlMaxAge()
A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
|
java.lang.Boolean |
getOriginOverride()
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
|
java.lang.Boolean getAccessControlAllowCredentials()
java.util.List<java.lang.String> getAccessControlAllowHeaders()
You can specify ['*']
to allow all headers.
java.util.List<java.lang.String> getAccessControlAllowMethods()
java.util.List<java.lang.String> getAccessControlAllowOrigins()
You can specify ['*']
to allow all origins.
java.lang.Boolean getOriginOverride()
default java.util.List<java.lang.String> getAccessControlExposeHeaders()
You can specify ['*']
to expose all headers.
Default: - no headers exposed
default Duration getAccessControlMaxAge()
Default: - no max age
static ResponseHeadersCorsBehavior.Builder builder()