FunctionUrlCorsOptions

class aws_cdk.aws_lambda.FunctionUrlCorsOptions(*, allow_credentials=None, allowed_headers=None, allowed_methods=None, allowed_origins=None, exposed_headers=None, max_age=None)

Bases: object

Specifies a cross-origin access property for a function URL.

Parameters:
  • allow_credentials (Optional[bool]) – Whether to allow cookies or other credentials in requests to your function URL. Default: false

  • allowed_headers (Optional[Sequence[str]]) – Headers that are specified in the Access-Control-Request-Headers header. Default: - No headers allowed.

  • allowed_methods (Optional[Sequence[HttpMethod]]) – An HTTP method that you allow the origin to execute. Default: - [HttpMethod.ALL]

  • allowed_origins (Optional[Sequence[str]]) – One or more origins you want customers to be able to access the bucket from. Default: - No origins allowed.

  • exposed_headers (Optional[Sequence[str]]) – One or more headers in the response that you want customers to be able to access from their applications. Default: - No headers exposed.

  • max_age (Optional[Duration]) – The time in seconds that your browser is to cache the preflight response for the specified resource. Default: - Browser default of 5 seconds.

ExampleMetadata:

infused

Example:

# fn: lambda.Function


fn.add_function_url(
    auth_type=lambda_.FunctionUrlAuthType.NONE,
    cors=lambda.FunctionUrlCorsOptions(
        # Allow this to be called from websites on https://example.com.
        # Can also be ['*'] to allow all domain.
        allowed_origins=["https://example.com"]
    )
)

Attributes

allow_credentials

Whether to allow cookies or other credentials in requests to your function URL.

Default:

false

allowed_headers

Headers that are specified in the Access-Control-Request-Headers header.

Default:
  • No headers allowed.

allowed_methods

An HTTP method that you allow the origin to execute.

Default:
  • [HttpMethod.ALL]

allowed_origins

One or more origins you want customers to be able to access the bucket from.

Default:
  • No origins allowed.

exposed_headers

One or more headers in the response that you want customers to be able to access from their applications.

Default:
  • No headers exposed.

max_age

The time in seconds that your browser is to cache the preflight response for the specified resource.

Default:
  • Browser default of 5 seconds.