HttpApiCorsConfiguration
Manage cross-origin resource sharing (CORS) for your HTTP APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration. NOTE: Cors requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the DefinitionBody
property.
For more information about CORS, see Configuring CORS for an HTTP API in the API Gateway Developer Guide.
Note: If HttpApiCorsConfiguration is set both in OpenAPI and at the property level, Amazon SAM merges them with the properties taking precedence.
Syntax
To declare this entity in your Amazon Serverless Application Model (Amazon SAM) template, use the following syntax.
YAML
AllowCredentials:
Boolean
AllowHeaders:List
AllowMethods:List
AllowOrigins:List
ExposeHeaders:List
MaxAge:Integer
Properties
-
AllowCredentials
-
Specifies whether credentials are included in the CORS request.
Type: Boolean
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
AllowHeaders
-
Represents a collection of allowed headers.
Type: List
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
AllowMethods
-
Represents a collection of allowed HTTP methods.
Type: List
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
AllowOrigins
-
Represents a collection of allowed origins.
Type: List
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
ExposeHeaders
-
Represents a collection of exposed headers.
Type: List
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
MaxAge
-
The number of seconds that the browser should cache preflight request results.
Type: Integer
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
Examples
HttpApiCorsConfiguration
HTTP API Cors Configuration example.
YAML
CorsConfiguration: AllowOrigins: - "https://example.com" AllowHeaders: - x-apigateway-header AllowMethods: - GET MaxAge: 600 AllowCredentials: true