x-amazon-apigateway-cors object

Specifies the cross-origin resource sharing (CORS) configuration for an HTTP API. The extension applies to the root-level OpenAPI structure. To learn more, see Configure CORS for HTTP APIs in API Gateway.

Property name	Type	Description
`allowOrigins`	`Array`	Specifies the allowed origins.
`allowCredentials`	`Boolean`	Specifies whether credentials are included in the CORS request.
`exposeHeaders`	`Array`	Specifies the headers that are exposed.
`maxAge`	`Integer`	Specifies the number of seconds that the browser should cache preflight request results.
`allowMethods`	`Array`	Specifies the allowed HTTP methods.
`allowHeaders`	`Array`	Specifies the allowed headers.

x-amazon-apigateway-cors example

The following is an example CORS configuration for an HTTP API.


"x-amazon-apigateway-cors": {
    "allowOrigins": [
      "https://www.example.com"
    ],
    "allowCredentials": true,
    "exposeHeaders": [
      "x-apigateway-header",
      "x-amz-date",
      "content-type"
    ],
    "maxAge": 3600,
    "allowMethods": [
      "GET",
      "OPTIONS",
      "POST"
    ],
    "allowHeaders": [
      "x-apigateway-header",
      "x-amz-date",
      "content-type"
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

x-amazon-apigateway-any-method

x-amazon-apigateway-api-key-source