Class CorsOptions
Inheritance
Implements
Namespace: Amazon.CDK.AWS.APIGateway
Assembly: Amazon.CDK.AWS.APIGateway.dll
Syntax (csharp)
public class CorsOptions : Object, ICorsOptions
Syntax (vb)
Public Class CorsOptions
Inherits Object
Implements ICorsOptions
Examples
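// myResource is an existing API Gateway Resource defined elsewhere in the stack.
Resource myResource;

// Add an OPTIONS method that answers CORS preflight requests for this resource.
myResource.AddCorsPreflight(new CorsOptions {
    AllowOrigins = new [] { "https://amazon.com" },
    AllowMethods = new [] { "GET", "PUT" }
});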
Synopsis
Constructors
CorsOptions() |
Properties
AllowCredentials | The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include". |
AllowHeaders | The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. |
AllowMethods | The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request. |
AllowOrigins | Specifies the list of origins that are allowed to make requests to this resource. |
DisableCache | Sets Access-Control-Max-Age to -1, which means that caching is disabled. |
ExposeHeaders | The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names. |
MaxAge | The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. |
StatusCode | Specifies the response status code returned from the OPTIONS method. |
Constructors
CorsOptions()
public CorsOptions()
Properties
AllowCredentials
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
public Nullable<bool> AllowCredentials { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
AllowHeaders
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
public string[] AllowHeaders { get; set; }
Property Value
System.String[]
Remarks
Default: Cors.DEFAULT_HEADERS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
AllowMethods
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
public string[] AllowMethods { get; set; }
Property Value
System.String[]
Remarks
If ANY is specified, it will be expanded to Cors.ALL_METHODS.
Default: Cors.ALL_METHODS
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
AllowOrigins
Specifies the list of origins that are allowed to make requests to this resource.
public string[] AllowOrigins { get; set; }
Property Value
System.String[]
Remarks
If you wish to allow all origins, specify Cors.ALL_ORIGINS or [ * ].
Responses will include the Access-Control-Allow-Origin response header.
If Cors.ALL_ORIGINS is specified, the Vary: Origin response header will also be included.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
DisableCache
Sets Access-Control-Max-Age to -1, which means that caching is disabled.
public Nullable<bool> DisableCache { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
This option cannot be used with maxAge.
Default: - cache is enabled
ExposeHeaders
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
public string[] ExposeHeaders { get; set; }
Property Value
System.String[]
Remarks
If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
MaxAge
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
public Duration MaxAge { get; set; }
Property Value
Remarks
To disable caching altogether use disableCache: true.
Default: - browser-specific (see reference)
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
StatusCode
Specifies the response status code returned from the OPTIONS method.
public Nullable<double> StatusCode { get; set; }
Property Value
System.Nullable<System.Double>
Remarks
Default: 204
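An added example (not part of the CDK documentation) showing how the properties above combine on two resources with different exposure: a public resource open to all origins without credentials, and a credentialed resource pinned to one origin. The stack name, resource paths, header names and the origin https://app.example.com are assumptions made for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.APIGateway;
using Constructs;

// Hypothetical stack; names, paths and origins are illustrative placeholders.
public class OrdersApiStack : Stack
{
    public OrdersApiStack(Construct scope, string id) : base(scope, id)
    {
        var api = new RestApi(this, "OrdersApi");

        // Public, unauthenticated data: any origin may read it.
        // AllowCredentials stays at its default (false), so cookies and
        // Authorization headers are never part of a cross-origin read.
        var catalog = api.Root.AddResource("catalog");
        catalog.AddMethod("GET", new MockIntegration());
        catalog.AddCorsPreflight(new CorsOptions {
            AllowOrigins = Cors.ALL_ORIGINS,
            AllowMethods = new [] { "GET" }
        });

        // Session-bound data: credentials are allowed, so the origin is named
        // explicitly. Browsers reject a wildcard Access-Control-Allow-Origin
        // on credentialed requests, and a wildcard would defeat the purpose.
        var orders = api.Root.AddResource("orders");
        orders.AddMethod("GET", new MockIntegration());
        orders.AddCorsPreflight(new CorsOptions {
            AllowOrigins = new [] { "https://app.example.com" },
            // Narrower than the Cors.ALL_METHODS default.
            AllowMethods = new [] { "GET", "PUT" },
            // Narrower than the Cors.DEFAULT_HEADERS default.
            AllowHeaders = new [] { "Content-Type", "Authorization" },
            AllowCredentials = true,
            // Readable by frontend code in addition to the safelisted headers.
            ExposeHeaders = new [] { "X-Request-Id" },
            // Cache the preflight result; cannot be combined with DisableCache.
            MaxAge = Duration.Minutes(10)
        });
    }
}
```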