Class ResponseHeadersCorsBehavior
Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.CloudFront
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ResponseHeadersCorsBehavior : IResponseHeadersCorsBehavior
Syntax (vb)
Public Class ResponseHeadersCorsBehavior Implements IResponseHeadersCorsBehavior
Remarks
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
ExampleMetadata: infused
Examples
// Using an existing managed response headers policy
             S3Origin bucketOrigin;
             // NOTE(review): judging by its name, this managed policy allows every origin. That suits
             // public, unauthenticated content only -- confirm it matches what the distribution serves.
             new Distribution(this, "myDistManagedPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
                 }
             });
             // Creating a custom response headers policy -- all parameters optional
             var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
                 ResponseHeadersPolicyName = "MyPolicy",
                 Comment = "A default policy",
                 CorsBehavior = new ResponseHeadersCorsBehavior {
                     // Credentials are disabled, which is what makes the "*" origin below usable:
                     // browsers refuse a wildcard Access-Control-Allow-Origin on credentialed requests.
                     AccessControlAllowCredentials = false,
                     AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlAllowMethods = new [] { "GET", "POST" },
                     // "*" lets any site read these responses; list explicit origins for anything non-public.
                     AccessControlAllowOrigins = new [] { "*" },
                     AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlMaxAge = Duration.Seconds(600),
                     // true: the values in this policy replace CORS headers received from the origin.
                     OriginOverride = true
                 },
                 CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
                     // "some-value" is a placeholder. Response headers reach every client, so a real
                     // security token or other secret must never be configured here.
                     CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
                 },
                 SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
                     // Sample value: permits resources from any HTTPS source; tighten it to the
                     // sources the application actually loads from.
                     ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
                     ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
                     FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
                     ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
                     // NOTE(review): AccessControlMaxAge here is presumably the HSTS max-age. 600 seconds
                     // is a short sample value; production HSTS generally uses a far longer period
                     // (for example one year), otherwise the protection lapses between visits.
                     StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
                     // X-XSS-Protection is a legacy header that most current browsers no longer act on;
                     // treat the Content-Security-Policy above as the effective XSS control.
                     XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
                 },
                 // Listing "Server" here keeps responses from advertising the origin's server software.
                 RemoveHeaders = new [] { "Server" },
                 ServerTimingSamplingRate = 50
             });
             new Distribution(this, "myDistCustomPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = myResponseHeadersPolicy
                 }
             });Synopsis
Constructors
| ResponseHeadersCorsBehavior() | Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). | 
Properties
| AccessControlAllowCredentials | A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header. | 
| AccessControlAllowHeaders | A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. | 
| AccessControlAllowMethods | A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. | 
| AccessControlAllowOrigins | A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. | 
| AccessControlExposeHeaders | A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. | 
| AccessControlMaxAge | A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header. | 
| OriginOverride | A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy. | 
Constructors
ResponseHeadersCorsBehavior()
Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
public ResponseHeadersCorsBehavior()
Remarks
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
ExampleMetadata: infused
Examples
// Using an existing managed response headers policy
             S3Origin bucketOrigin;
             // NOTE(review): judging by its name, this managed policy allows every origin. That suits
             // public, unauthenticated content only -- confirm it matches what the distribution serves.
             new Distribution(this, "myDistManagedPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
                 }
             });
             // Creating a custom response headers policy -- all parameters optional
             var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
                 ResponseHeadersPolicyName = "MyPolicy",
                 Comment = "A default policy",
                 CorsBehavior = new ResponseHeadersCorsBehavior {
                     // Credentials are disabled, which is what makes the "*" origin below usable:
                     // browsers refuse a wildcard Access-Control-Allow-Origin on credentialed requests.
                     AccessControlAllowCredentials = false,
                     AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlAllowMethods = new [] { "GET", "POST" },
                     // "*" lets any site read these responses; list explicit origins for anything non-public.
                     AccessControlAllowOrigins = new [] { "*" },
                     AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
                     AccessControlMaxAge = Duration.Seconds(600),
                     // true: the values in this policy replace CORS headers received from the origin.
                     OriginOverride = true
                 },
                 CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
                     // "some-value" is a placeholder. Response headers reach every client, so a real
                     // security token or other secret must never be configured here.
                     CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
                 },
                 SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
                     // Sample value: permits resources from any HTTPS source; tighten it to the
                     // sources the application actually loads from.
                     ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
                     ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
                     FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
                     ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
                     // NOTE(review): AccessControlMaxAge here is presumably the HSTS max-age. 600 seconds
                     // is a short sample value; production HSTS generally uses a far longer period
                     // (for example one year), otherwise the protection lapses between visits.
                     StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
                     // X-XSS-Protection is a legacy header that most current browsers no longer act on;
                     // treat the Content-Security-Policy above as the effective XSS control.
                     XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
                 },
                 // Listing "Server" here keeps responses from advertising the origin's server software.
                 RemoveHeaders = new [] { "Server" },
                 ServerTimingSamplingRate = 50
             });
             new Distribution(this, "myDistCustomPolicy", new DistributionProps {
                 DefaultBehavior = new BehaviorOptions {
                     Origin = bucketOrigin,
                     ResponseHeadersPolicy = myResponseHeadersPolicy
                 }
             });Properties
AccessControlAllowCredentials
A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
public bool AccessControlAllowCredentials { get; set; }
Property Value
Remarks
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
ExampleMetadata: infused
AccessControlAllowHeaders
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
public string[] AccessControlAllowHeaders { get; set; }
Property Value
string[]
Remarks
You can specify ['*'] to allow all headers.
AccessControlAllowMethods
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
public string[] AccessControlAllowMethods { get; set; }
Property Value
string[]
Remarks
Allowed methods: 'GET', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH', 'POST', and 'PUT'.
You can specify ['ALL'] to allow all methods.
AccessControlAllowOrigins
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
public string[] AccessControlAllowOrigins { get; set; }
Property Value
string[]
Remarks
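You can specify ['*'] to allow all origins. Browsers do not accept the '*' wildcard on requests made with credentials, so list explicit origins when AccessControlAllowCredentials is true.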
AccessControlExposeHeaders
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
public string[]? AccessControlExposeHeaders { get; set; }
Property Value
string[]
Remarks
You can specify ['*'] to expose all headers.
Default: - no headers exposed
AccessControlMaxAge
A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
public Duration? AccessControlMaxAge { get; set; }
Property Value
Remarks
Default: - no max age
OriginOverride
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
public bool OriginOverride { get; set; }
Property Value
Remarks
CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
ExampleMetadata: infused