Interface ICorsOptions
Namespace: Amazon.CDK.AWS.APIGateway
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ICorsOptions
Syntax (vb)
Public Interface ICorsOptions
Remarks
ExampleMetadata: infused
Examples
new RestApi(this, "api", new RestApiProps {
DefaultCorsPreflightOptions = new CorsOptions {
AllowOrigins = Cors.ALL_ORIGINS,
AllowMethods = Cors.ALL_METHODS
}
});
Synopsis
Properties
AllowCredentials | The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include". |
AllowHeaders | The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. |
AllowMethods | The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request. |
AllowOrigins | Specifies the list of origins that are allowed to make requests to this resource. |
DisableCache | Sets Access-Control-Max-Age to -1, which means that caching is disabled. |
ExposeHeaders | The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names. |
MaxAge | The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. |
StatusCode | Specifies the response status code returned from the OPTIONS method. |
Properties
AllowCredentials
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
virtual Nullable<bool> AllowCredentials { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
AllowHeaders
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
virtual string[] AllowHeaders { get; }
Property Value
System.String[]
Remarks
Default: Cors.DEFAULT_HEADERS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
AllowMethods
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
virtual string[] AllowMethods { get; }
Property Value
System.String[]
Remarks
If ANY
is specified, it will be expanded to Cors.ALL_METHODS
.
Default: Cors.ALL_METHODS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
AllowOrigins
Specifies the list of origins that are allowed to make requests to this resource.
string[] AllowOrigins { get; }
Property Value
System.String[]
Remarks
If you wish to allow all origins, specify Cors.ALL_ORIGINS
or
[ * ]
.
Responses will include the Access-Control-Allow-Origin
response header.
If Cors.ALL_ORIGINS
is specified, the Vary: Origin
response header will
also be included.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
DisableCache
Sets Access-Control-Max-Age to -1, which means that caching is disabled.
virtual Nullable<bool> DisableCache { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
This option cannot be used with maxAge
.
Default: - cache is enabled
ExposeHeaders
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
virtual string[] ExposeHeaders { get; }
Property Value
System.String[]
Remarks
If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
MaxAge
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
virtual Duration MaxAge { get; }
Property Value
Remarks
To disable caching altogether use disableCache: true
.
Default: - browser-specific (see reference)
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
StatusCode
Specifies the response status code returned from the OPTIONS method.
virtual Nullable<double> StatusCode { get; }
Property Value
System.Nullable<System.Double>
Remarks
Default: 204