AWS::CloudFront::ResponseHeadersPolicy CorsConfig
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
For more information about CORS, see Cross-Origin Resource
Sharing (CORS)
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "AccessControlAllowCredentials" :
Boolean
, "AccessControlAllowHeaders" :AccessControlAllowHeaders
, "AccessControlAllowMethods" :AccessControlAllowMethods
, "AccessControlAllowOrigins" :AccessControlAllowOrigins
, "AccessControlExposeHeaders" :AccessControlExposeHeaders
, "AccessControlMaxAgeSec" :Integer
, "OriginOverride" :Boolean
}
YAML
AccessControlAllowCredentials:
Boolean
AccessControlAllowHeaders:AccessControlAllowHeaders
AccessControlAllowMethods:AccessControlAllowMethods
AccessControlAllowOrigins:AccessControlAllowOrigins
AccessControlExposeHeaders:AccessControlExposeHeaders
AccessControlMaxAgeSec:Integer
OriginOverride:Boolean
Properties
AccessControlAllowCredentials
-
A Boolean that CloudFront uses as the value for the
Access-Control-Allow-Credentials
HTTP response header.For more information about the
Access-Control-Allow-Credentials
HTTP response header, see Access-Control-Allow-Credentialsin the MDN Web Docs. Required: Yes
Type: Boolean
Update requires: No interruption
AccessControlAllowHeaders
-
A list of HTTP header names that CloudFront includes as values for the
Access-Control-Allow-Headers
HTTP response header.For more information about the
Access-Control-Allow-Headers
HTTP response header, see Access-Control-Allow-Headersin the MDN Web Docs. Required: Yes
Type: AccessControlAllowHeaders
Update requires: No interruption
AccessControlAllowMethods
-
A list of HTTP methods that CloudFront includes as values for the
Access-Control-Allow-Methods
HTTP response header.For more information about the
Access-Control-Allow-Methods
HTTP response header, see Access-Control-Allow-Methodsin the MDN Web Docs. Required: Yes
Type: AccessControlAllowMethods
Update requires: No interruption
AccessControlAllowOrigins
-
A list of origins (domain names) that CloudFront can use as the value for the
Access-Control-Allow-Origin
HTTP response header.For more information about the
Access-Control-Allow-Origin
HTTP response header, see Access-Control-Allow-Originin the MDN Web Docs. Required: Yes
Type: AccessControlAllowOrigins
Update requires: No interruption
AccessControlExposeHeaders
-
A list of HTTP headers that CloudFront includes as values for the
Access-Control-Expose-Headers
HTTP response header.For more information about the
Access-Control-Expose-Headers
HTTP response header, see Access-Control-Expose-Headersin the MDN Web Docs. Required: No
Type: AccessControlExposeHeaders
Update requires: No interruption
AccessControlMaxAgeSec
-
A number that CloudFront uses as the value for the
Access-Control-Max-Age
HTTP response header.For more information about the
Access-Control-Max-Age
HTTP response header, see Access-Control-Max-Agein the MDN Web Docs. Required: No
Type: Integer
Update requires: No interruption
OriginOverride
-
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
Required: Yes
Type: Boolean
Update requires: No interruption