ResponseHeadersCorsBehavior
- class aws_cdk.aws_cloudfront.ResponseHeadersCorsBehavior(*, access_control_allow_credentials, access_control_allow_headers, access_control_allow_methods, access_control_allow_origins, origin_override, access_control_expose_headers=None, access_control_max_age=None)
Bases:
object
Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
- Parameters:
access_control_allow_credentials (
bool
) – A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.access_control_allow_headers (
Sequence
[str
]) – A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. You can specify['*']
to allow all headers.access_control_allow_methods (
Sequence
[str
]) – A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.access_control_allow_origins (
Sequence
[str
]) – A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. You can specify['*']
to allow all origins.origin_override (
bool
) – A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.access_control_expose_headers (
Optional
[Sequence
[str
]]) – A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. You can specify['*']
to expose all headers. Default: - no headers exposedaccess_control_max_age (
Optional
[Duration
]) – A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header. Default: - no max age
- ExampleMetadata:
infused
Example:
# Using an existing managed response headers policy # bucket_origin: origins.S3Origin cloudfront.Distribution(self, "myDistManagedPolicy", default_behavior=cloudfront.BehaviorOptions( origin=bucket_origin, response_headers_policy=cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS ) ) # Creating a custom response headers policy -- all parameters optional my_response_headers_policy = cloudfront.ResponseHeadersPolicy(self, "ResponseHeadersPolicy", response_headers_policy_name="MyPolicy", comment="A default policy", cors_behavior=cloudfront.ResponseHeadersCorsBehavior( access_control_allow_credentials=False, access_control_allow_headers=["X-Custom-Header-1", "X-Custom-Header-2"], access_control_allow_methods=["GET", "POST"], access_control_allow_origins=["*"], access_control_expose_headers=["X-Custom-Header-1", "X-Custom-Header-2"], access_control_max_age=Duration.seconds(600), origin_override=True ), custom_headers_behavior=cloudfront.ResponseCustomHeadersBehavior( custom_headers=[cloudfront.ResponseCustomHeader(header="X-Amz-Date", value="some-value", override=True), cloudfront.ResponseCustomHeader(header="X-Amz-Security-Token", value="some-value", override=False) ] ), security_headers_behavior=cloudfront.ResponseSecurityHeadersBehavior( content_security_policy=cloudfront.ResponseHeadersContentSecurityPolicy(content_security_policy="default-src https:;", override=True), content_type_options=cloudfront.ResponseHeadersContentTypeOptions(override=True), frame_options=cloudfront.ResponseHeadersFrameOptions(frame_option=cloudfront.HeadersFrameOption.DENY, override=True), referrer_policy=cloudfront.ResponseHeadersReferrerPolicy(referrer_policy=cloudfront.HeadersReferrerPolicy.NO_REFERRER, override=True), strict_transport_security=cloudfront.ResponseHeadersStrictTransportSecurity(access_control_max_age=Duration.seconds(600), include_subdomains=True, override=True), xss_protection=cloudfront.ResponseHeadersXSSProtection(protection=True, mode_block=False, report_uri="https://example.com/csp-report", override=True) ), remove_headers=["Server"], server_timing_sampling_rate=50 ) cloudfront.Distribution(self, "myDistCustomPolicy", default_behavior=cloudfront.BehaviorOptions( origin=bucket_origin, response_headers_policy=my_response_headers_policy ) )
Attributes
- access_control_allow_credentials
A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
- access_control_allow_headers
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
You can specify
['*']
to allow all headers.
- access_control_allow_methods
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
- access_control_allow_origins
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
You can specify
['*']
to allow all origins.
- access_control_expose_headers
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
You can specify
['*']
to expose all headers.- Default:
no headers exposed
- access_control_max_age
A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
- Default:
no max age
- origin_override
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.