Interface CorsOptions
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CorsOptions.Jsii$Proxy
RestApi.Builder.create(this, "api") .defaultCorsPreflightOptions(CorsOptions.builder() .allowOrigins(Cors.ALL_ORIGINS) .allowMethods(Cors.ALL_METHODS) .build()) .build();
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCorsOptions
static final class
An implementation forCorsOptions
-
Method Summary
Modifier and TypeMethodDescriptionstatic CorsOptions.Builder
builder()
default Boolean
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.Specifies the list of origins that are allowed to make requests to this resource.default Boolean
Sets Access-Control-Max-Age to -1, which means that caching is disabled.The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.default Duration
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.default Number
Specifies the response status code returned from the OPTIONS method.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAllowOrigins
Specifies the list of origins that are allowed to make requests to this resource.If you wish to allow all origins, specify
Cors.ALL_ORIGINS
or[ * ]
.Responses will include the
Access-Control-Allow-Origin
response header. IfCors.ALL_ORIGINS
is specified, theVary: Origin
response header will also be included.- See Also:
-
getAllowCredentials
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
- See Also:
-
getAllowHeaders
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.Default: Cors.DEFAULT_HEADERS
- See Also:
-
getAllowMethods
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.If
ANY
is specified, it will be expanded toCors.ALL_METHODS
.Default: Cors.ALL_METHODS
- See Also:
-
getDisableCache
Sets Access-Control-Max-Age to -1, which means that caching is disabled.This option cannot be used with
maxAge
.Default: - cache is enabled
-
getExposeHeaders
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
- See Also:
-
getMaxAge
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.To disable caching altogether use
disableCache: true
.Default: - browser-specific (see reference)
- See Also:
-
getStatusCode
Specifies the response status code returned from the OPTIONS method.Default: 204
-
builder
- Returns:
- a
CorsOptions.Builder
ofCorsOptions
-