Interface ICorsOptions
- Namespace
- Amazon.CDK.AWS.APIGateway
- Assembly
- Amazon.CDK.AWS.APIGateway.dll
public interface ICorsOptionsExamples
Resource myResource;
myResource.AddCorsPreflight(new CorsOptions {
AllowOrigins = new [] { "https://amazon.com" },
AllowMethods = new [] { "GET", "PUT" }
});Remarks
ExampleMetadata: infused
Properties
AllowCredentials
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
bool? AllowCredentials { get; }Property Value
- bool?
Remarks
When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
AllowHeaders
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
string[]? AllowHeaders { get; }Property Value
- string[]
Remarks
Default: Cors.DEFAULT_HEADERS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
AllowMethods
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
string[]? AllowMethods { get; }Property Value
- string[]
Remarks
If ANY is specified, it will be expanded to Cors.ALL_METHODS.
Default: Cors.ALL_METHODS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
AllowOrigins
Specifies the list of origins that are allowed to make requests to this resource.
string[] AllowOrigins { get; }Property Value
- string[]
Remarks
If you wish to allow all origins, specify Cors.ALL_ORIGINS or
[ * ].
Responses will include the Access-Control-Allow-Origin response header.
If Cors.ALL_ORIGINS is specified, the Vary: Origin response header will
also be included.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
DisableCache
Sets Access-Control-Max-Age to -1, which means that caching is disabled.
bool? DisableCache { get; }Property Value
- bool?
Remarks
This option cannot be used with maxAge.
Default: - cache is enabled
ExposeHeaders
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
string[]? ExposeHeaders { get; }Property Value
- string[]
Remarks
If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
MaxAge
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
Duration? MaxAge { get; }Property Value
- Duration
Remarks
To disable caching altogether use disableCache: true.
Default: - browser-specific (see reference)
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
StatusCode
Specifies the response status code returned from the OPTIONS method.
double? StatusCode { get; }Property Value
Remarks
Default: 204