Class ResponseHeadersCorsBehavior
Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
Inheritance
Implements
Namespace: Amazon.CDK.AWS.CloudFront
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ResponseHeadersCorsBehavior : Object, IResponseHeadersCorsBehaviorSyntax (vb)
Public Class ResponseHeadersCorsBehavior
Inherits Object
Implements IResponseHeadersCorsBehaviorRemarks
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
ExampleMetadata: infused
Examples
// Using an existing managed response headers policy
S3Origin bucketOrigin;
new Distribution(this, "myDistManagedPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
}
});
// Creating a custom response headers policy -- all parameters optional
var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
ResponseHeadersPolicyName = "MyPolicy",
Comment = "A default policy",
CorsBehavior = new ResponseHeadersCorsBehavior {
AccessControlAllowCredentials = false,
AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
AccessControlAllowMethods = new [] { "GET", "POST" },
AccessControlAllowOrigins = new [] { "*" },
AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
AccessControlMaxAge = Duration.Seconds(600),
OriginOverride = true
},
CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
},
SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
},
RemoveHeaders = new [] { "Server" },
ServerTimingSamplingRate = 50
});
new Distribution(this, "myDistCustomPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
ResponseHeadersPolicy = myResponseHeadersPolicy
}
});Synopsis
Constructors
| ResponseHeadersCorsBehavior() |
Properties
| AccessControlAllowCredentials | A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header. |
| AccessControlAllowHeaders | A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. |
| AccessControlAllowMethods | A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. |
| AccessControlAllowOrigins | A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. |
| AccessControlExposeHeaders | A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. |
| AccessControlMaxAge | A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header. |
| OriginOverride | A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy. |
Constructors
ResponseHeadersCorsBehavior()
public ResponseHeadersCorsBehavior()Properties
AccessControlAllowCredentials
A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
public bool AccessControlAllowCredentials { get; set; }Property Value
System.Boolean
AccessControlAllowHeaders
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
public string[] AccessControlAllowHeaders { get; set; }Property Value
System.String[]
Remarks
You can specify ['*'] to allow all headers.
AccessControlAllowMethods
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
public string[] AccessControlAllowMethods { get; set; }Property Value
System.String[]
AccessControlAllowOrigins
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
public string[] AccessControlAllowOrigins { get; set; }Property Value
System.String[]
Remarks
You can specify ['*'] to allow all origins.
AccessControlExposeHeaders
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
public string[] AccessControlExposeHeaders { get; set; }Property Value
System.String[]
Remarks
You can specify ['*'] to expose all headers.
Default: - no headers exposed
AccessControlMaxAge
A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
public Duration AccessControlMaxAge { get; set; }Property Value
Remarks
Default: - no max age
OriginOverride
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
public bool OriginOverride { get; set; }Property Value
System.Boolean