UNPKG

@aws-cdk/aws-apigateway/lib/cors.d.ts

Version:

4.08 kBTypeScriptView Raw

1import { Duration } from '@aws-cdk/core';
2export interface CorsOptions {
  /**
   * Specifies the response status code returned from the OPTIONS method.
   *
   * @default 204
   */
  readonly statusCode?: number;
  /**
   * Specifies the list of origins that are allowed to make requests to this
   * resource. If you wish to allow all origins, specify `Cors.ALL_ORIGINS` or
   * `[ * ]`.
   *
   * Responses will include the `Access-Control-Allow-Origin` response header.
   * If `Cors.ALL_ORIGINS` is specified, the `Vary: Origin` response header will
   * also be included.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
   */
  readonly allowOrigins: string[];
  /**
   * The Access-Control-Allow-Headers response header is used in response to a
   * preflight request which includes the Access-Control-Request-Headers to
   * indicate which HTTP headers can be used during the actual request.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
   * @default Cors.DEFAULT_HEADERS
   */
  readonly allowHeaders?: string[];
  /**
   * The Access-Control-Allow-Methods response header specifies the method or
   * methods allowed when accessing the resource in response to a preflight request.
   *
   * If `ANY` is specified, it will be expanded to `Cors.ALL_METHODS`.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
   * @default Cors.ALL_METHODS
   */
  readonly allowMethods?: string[];
  /**
   * The Access-Control-Allow-Credentials response header tells browsers whether
   * to expose the response to frontend JavaScript code when the request's
   * credentials mode (Request.credentials) is "include".
   *
   * When a request's credentials mode (Request.credentials) is "include",
   * browsers will only expose the response to frontend JavaScript code if the
   * Access-Control-Allow-Credentials value is true.
   *
   * Credentials are cookies, authorization headers or TLS client certificates.
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
   * @default false
   */
  readonly allowCredentials?: boolean;
  /**
   * The Access-Control-Max-Age response header indicates how long the results of
   * a preflight request (that is the information contained in the
   * Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)
   * can be cached.
   *
   * To disable caching altogether use `disableCache: true`.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
   * @default - browser-specific (see reference)
   */
  readonly maxAge?: Duration;
  /**
   * Sets Access-Control-Max-Age to -1, which means that caching is disabled.
   * This option cannot be used with `maxAge`.
   *
   * @default - cache is enabled
   */
  readonly disableCache?: boolean;
  /**
   * The Access-Control-Expose-Headers response header indicates which headers
   * can be exposed as part of the response by listing their names.
   *
   * If you want clients to be able to access other headers, you have to list
   * them using the Access-Control-Expose-Headers header.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
   *
   * @default - only the 6 CORS-safelisted response headers are exposed:
   * Cache-Control, Content-Language, Content-Type, Expires, Last-Modified,
   * Pragma
   */
  readonly exposeHeaders?: string[];
87}
88export declare class Cors {
  /**
   * All HTTP methods.
   */
  static readonly ALL_METHODS: string[];
  /**
   * All origins.
   */
  static readonly ALL_ORIGINS: string[];
  /**
   * The set of default headers allowed for CORS and useful for API Gateway.
   */
  static readonly DEFAULT_HEADERS: string[];
  private constructor();
102}

1	`import { Duration } from '@aws-cdk/core';`
2	`export interface CorsOptions {`
3	`/**`
4	`* Specifies the response status code returned from the OPTIONS method.`
5	`*`
6	`* @default 204`
7	`*/`
8	`readonly statusCode?: number;`
9	`/**`
10	`* Specifies the list of origins that are allowed to make requests to this`
11	* resource. If you wish to allow all origins, specify `Cors.ALL_ORIGINS` or
12	* `[ * ]`.
13	`*`
14	* Responses will include the `Access-Control-Allow-Origin` response header.
15	* If `Cors.ALL_ORIGINS` is specified, the `Vary: Origin` response header will
16	`* also be included.`
17	`*`
18	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin`
19	`*/`
20	`readonly allowOrigins: string[];`
21	`/**`
22	`* The Access-Control-Allow-Headers response header is used in response to a`
23	`* preflight request which includes the Access-Control-Request-Headers to`
24	`* indicate which HTTP headers can be used during the actual request.`
25	`*`
26	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers`
27	`* @default Cors.DEFAULT_HEADERS`
28	`*/`
29	`readonly allowHeaders?: string[];`
30	`/**`
31	`* The Access-Control-Allow-Methods response header specifies the method or`
32	`* methods allowed when accessing the resource in response to a preflight request.`
33	`*`
34	* If `ANY` is specified, it will be expanded to `Cors.ALL_METHODS`.
35	`*`
36	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods`
37	`* @default Cors.ALL_METHODS`
38	`*/`
39	`readonly allowMethods?: string[];`
40	`/**`
41	`* The Access-Control-Allow-Credentials response header tells browsers whether`
42	`* to expose the response to frontend JavaScript code when the request's`
43	`* credentials mode (Request.credentials) is "include".`
44	`*`
45	`* When a request's credentials mode (Request.credentials) is "include",`
46	`* browsers will only expose the response to frontend JavaScript code if the`
47	`* Access-Control-Allow-Credentials value is true.`
48	`*`
49	`* Credentials are cookies, authorization headers or TLS client certificates.`
50	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials`
51	`* @default false`
52	`*/`
53	`readonly allowCredentials?: boolean;`
54	`/**`
55	`* The Access-Control-Max-Age response header indicates how long the results of`
56	`* a preflight request (that is the information contained in the`
57	`* Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)`
58	`* can be cached.`
59	`*`
60	* To disable caching altogether use `disableCache: true`.
61	`*`
62	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age`
63	`* @default - browser-specific (see reference)`
64	`*/`
65	`readonly maxAge?: Duration;`
66	`/**`
67	`* Sets Access-Control-Max-Age to -1, which means that caching is disabled.`
68	* This option cannot be used with `maxAge`.
69	`*`
70	`* @default - cache is enabled`
71	`*/`
72	`readonly disableCache?: boolean;`
73	`/**`
74	`* The Access-Control-Expose-Headers response header indicates which headers`
75	`* can be exposed as part of the response by listing their names.`
76	`*`
77	`* If you want clients to be able to access other headers, you have to list`
78	`* them using the Access-Control-Expose-Headers header.`
79	`*`
80	`* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers`
81	`*`
82	`* @default - only the 6 CORS-safelisted response headers are exposed:`
83	`* Cache-Control, Content-Language, Content-Type, Expires, Last-Modified,`
84	`* Pragma`
85	`*/`
86	`readonly exposeHeaders?: string[];`
87	`}`
88	`export declare class Cors {`
89	`/**`
90	`* All HTTP methods.`
91	`*/`
92	`static readonly ALL_METHODS: string[];`
93	`/**`
94	`* All origins.`
95	`*/`
96	`static readonly ALL_ORIGINS: string[];`
97	`/**`
98	`* The set of default headers allowed for CORS and useful for API Gateway.`
99	`*/`
100	`static readonly DEFAULT_HEADERS: string[];`
101	`private constructor();`
102	`}`