Interface CorsOptions

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CorsOptions.Jsii$Proxy

@Generated(value="jsii-pacmak/1.104.0 (build e79254c)", date="2024-12-17T21:37:25.474Z") @Stability(Stable) public interface CorsOptions extends software.amazon.jsii.JsiiSerializable
Example:

 RestApi.Builder.create(this, "api")
         .defaultCorsPreflightOptions(CorsOptions.builder()
                 .allowOrigins(Cors.ALL_ORIGINS)
                 .allowMethods(Cors.ALL_METHODS)
                 .build())
         .build();
 
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static final class 
    A builder for CorsOptions
    static final class 
    An implementation for CorsOptions
  • Method Summary

    Modifier and Type
    Method
    Description
     
    default Boolean
    The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
    default List<String>
    The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
    default List<String>
    The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
    Specifies the list of origins that are allowed to make requests to this resource.
    default Boolean
    Sets Access-Control-Max-Age to -1, which means that caching is disabled.
    default List<String>
    The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
    default Duration
    The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
    default Number
    Specifies the response status code returned from the OPTIONS method.

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson
  • Method Details

    • getAllowOrigins

      @Stability(Stable) @NotNull List<String> getAllowOrigins()
      Specifies the list of origins that are allowed to make requests to this resource.

      If you wish to allow all origins, specify Cors.ALL_ORIGINS or [ * ].

      Responses will include the Access-Control-Allow-Origin response header. If Cors.ALL_ORIGINS is specified, the Vary: Origin response header will also be included.

      See Also:
    • getAllowCredentials

      @Stability(Stable) @Nullable default Boolean getAllowCredentials()
      The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".

      When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.

      Credentials are cookies, authorization headers or TLS client certificates.

      Default: false

      See Also:
    • getAllowHeaders

      @Stability(Stable) @Nullable default List<String> getAllowHeaders()
      The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.

      Default: Cors.DEFAULT_HEADERS

      See Also:
    • getAllowMethods

      @Stability(Stable) @Nullable default List<String> getAllowMethods()
      The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

      If ANY is specified, it will be expanded to Cors.ALL_METHODS.

      Default: Cors.ALL_METHODS

      See Also:
    • getDisableCache

      @Stability(Stable) @Nullable default Boolean getDisableCache()
      Sets Access-Control-Max-Age to -1, which means that caching is disabled.

      This option cannot be used with maxAge.

      Default: - cache is enabled

    • getExposeHeaders

      @Stability(Stable) @Nullable default List<String> getExposeHeaders()
      The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.

      If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.

      Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma

      See Also:
    • getMaxAge

      @Stability(Stable) @Nullable default Duration getMaxAge()
      The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.

      To disable caching altogether use disableCache: true.

      Default: - browser-specific (see reference)

      See Also:
    • getStatusCode

      @Stability(Stable) @Nullable default Number getStatusCode()
      Specifies the response status code returned from the OPTIONS method.

      Default: 204

    • builder

      @Stability(Stable) static CorsOptions.Builder builder()
      Returns:
      a CorsOptions.Builder of CorsOptions