1 | import { Duration } from '@aws-cdk/core';
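/**
 * Options that describe how a resource answers CORS preflight (OPTIONS)
 * requests: which origins, headers and methods are allowed, whether
 * credentials are permitted, and how long a preflight result may be cached.
 */
export interface CorsOptions {
  /**
   * Specifies the response status code returned from the OPTIONS method.
   *
   * @default 204
   */
  readonly statusCode?: number;

  /**
   * Specifies the list of origins that are allowed to make requests to this
   * resource. If you wish to allow all origins, specify `Cors.ALL_ORIGINS` or
   * `['*']`.
   *
   * Responses will include the `Access-Control-Allow-Origin` response header.
   * If `Cors.ALL_ORIGINS` is specified, the `Vary: Origin` response header will
   * also be included.
   *
   * NOTE(review): `Vary: Origin` is normally needed when a specific origin is
   * returned rather than the wildcard, so that a shared cache does not serve
   * one origin's response to another. Confirm the sentence above against the
   * implementation.
   *
   * Prefer an explicit list of trusted origins: allowing all origins lets
   * script on any website read responses from this resource.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
   */
  readonly allowOrigins: string[];

  /**
   * The Access-Control-Allow-Headers response header is used in response to a
   * preflight request which includes the Access-Control-Request-Headers to
   * indicate which HTTP headers can be used during the actual request.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
   * @default Cors.DEFAULT_HEADERS
   */
  readonly allowHeaders?: string[];

  /**
   * The Access-Control-Allow-Methods response header specifies the method or
   * methods allowed when accessing the resource in response to a preflight request.
   *
   * If `ANY` is specified, it will be expanded to `Cors.ALL_METHODS`.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
   * @default Cors.ALL_METHODS
   */
  readonly allowMethods?: string[];

  /**
   * The Access-Control-Allow-Credentials response header tells browsers whether
   * to expose the response to frontend JavaScript code when the request's
   * credentials mode (Request.credentials) is "include".
   *
   * When a request's credentials mode (Request.credentials) is "include",
   * browsers will only expose the response to frontend JavaScript code if the
   * Access-Control-Allow-Credentials value is true.
   *
   * Credentials are cookies, authorization headers or TLS client certificates.
   *
   * Browsers refuse a credentialed response whose
   * `Access-Control-Allow-Origin` is the wildcard `*`, so pair this option
   * with explicit, trusted entries in `allowOrigins` rather than
   * `Cors.ALL_ORIGINS`.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
   * @default false
   */
  readonly allowCredentials?: boolean;

  /**
   * The Access-Control-Max-Age response header indicates how long the results of
   * a preflight request (that is the information contained in the
   * Access-Control-Allow-Methods and Access-Control-Allow-Headers headers)
   * can be cached.
   *
   * To disable caching altogether use `disableCache: true`.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
   * @default - browser-specific (see reference)
   */
  readonly maxAge?: Duration;

  /**
   * Sets Access-Control-Max-Age to -1, which means that caching is disabled.
   * This option cannot be used with `maxAge`.
   *
   * @default - cache is enabled
   */
  readonly disableCache?: boolean;

  /**
   * The Access-Control-Expose-Headers response header indicates which headers
   * can be exposed as part of the response by listing their names.
   *
   * If you want clients to be able to access other headers, you have to list
   * them using the Access-Control-Expose-Headers header. Every header listed
   * here becomes readable by script running on an allowed origin, so list
   * only the headers those callers need.
   *
   * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
   *
   * @default - only the 6 CORS-safelisted response headers are exposed:
   * Cache-Control, Content-Language, Content-Type, Expires, Last-Modified,
   * Pragma
   */
  readonly exposeHeaders?: string[];
}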
/**
 * Holder for the CORS constants referenced by `CorsOptions`.
 *
 * The constructor is private, so the class is only used through its static
 * members.
 */
export declare class Cors {
  /**
   * All HTTP methods.
   */
  static readonly ALL_METHODS: string[];

  /**
   * All origins.
   *
   * Passing this as `allowOrigins` allows every origin rather than a specific
   * list of trusted ones.
   */
  static readonly ALL_ORIGINS: string[];

  /**
   * The set of default headers allowed for CORS and useful for API Gateway.
   */
  static readonly DEFAULT_HEADERS: string[];

  private constructor();
}