@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)", date="2022-09-19T20:26:36.157Z") @Stability(value=Stable) public interface CorsOptions extends software.amazon.jsii.JsiiSerializable
Resource myResource;
myResource.addCorsPreflight(CorsOptions.builder()
.allowOrigins(List.of("https://amazon.com"))
.allowMethods(List.of("GET", "PUT"))
.build());
| Modifier and Type | Interface and Description |
|---|---|
static class |
CorsOptions.Builder
A builder for
CorsOptions |
static class |
CorsOptions.Jsii$Proxy
An implementation for
CorsOptions |
| Modifier and Type | Method and Description |
|---|---|
static CorsOptions.Builder |
builder() |
default Boolean |
getAllowCredentials()
The Access-Control-Allow-Credentials response header tells browsers whether to expose the response to frontend JavaScript code when the request's credentials mode (Request.credentials) is "include".
|
default List<String> |
getAllowHeaders()
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
|
default List<String> |
getAllowMethods()
The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.
|
List<String> |
getAllowOrigins()
Specifies the list of origins that are allowed to make requests to this resource.
|
default Boolean |
getDisableCache()
Sets Access-Control-Max-Age to -1, which means that caching is disabled.
|
default List<String> |
getExposeHeaders()
The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.
|
default Duration |
getMaxAge()
The Access-Control-Max-Age response header indicates how long the results of a preflight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
|
default Number |
getStatusCode()
Specifies the response status code returned from the OPTIONS method.
|
@Stability(value=Stable) @NotNull List<String> getAllowOrigins()
If you wish to allow all origins, specify Cors.ALL_ORIGINS or
[ * ].
Responses will include the Access-Control-Allow-Origin response header.
If Cors.ALL_ORIGINS is specified, the Vary: Origin response header will
also be included.
@Stability(value=Stable) @Nullable default Boolean getAllowCredentials()
When a request's credentials mode (Request.credentials) is "include", browsers will only expose the response to frontend JavaScript code if the Access-Control-Allow-Credentials value is true.
Credentials are cookies, authorization headers or TLS client certificates.
Default: false
@Stability(value=Stable) @Nullable default List<String> getAllowHeaders()
Default: Cors.DEFAULT_HEADERS
@Stability(value=Stable) @Nullable default List<String> getAllowMethods()
If ANY is specified, it will be expanded to Cors.ALL_METHODS.
Default: Cors.ALL_METHODS
@Stability(value=Stable) @Nullable default Boolean getDisableCache()
This option cannot be used with maxAge.
Default: - cache is enabled
@Stability(value=Stable) @Nullable default List<String> getExposeHeaders()
If you want clients to be able to access other headers, you have to list them using the Access-Control-Expose-Headers header.
Default: - only the 6 CORS-safelisted response headers are exposed: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma
@Stability(value=Stable) @Nullable default Duration getMaxAge()
To disable caching altogether use disableCache: true.
Default: - browser-specific (see reference)
@Stability(value=Stable) @Nullable default Number getStatusCode()
Default: 204
@Stability(value=Stable) static CorsOptions.Builder builder()
CorsOptions.Builder of CorsOptionsCopyright © 2022. All rights reserved.