aws-cdk-lib.aws_cloudfront.ResponseHeadersCorsBehavior

interface ResponseHeadersCorsBehavior

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.CloudFront.ResponseHeadersCorsBehavior |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#ResponseHeadersCorsBehavior |
| Java | software.amazon.awscdk.services.cloudfront.ResponseHeadersCorsBehavior |
| Python | aws_cdk.aws_cloudfront.ResponseHeadersCorsBehavior |
| TypeScript (source) | aws-cdk-lib » aws_cloudfront » ResponseHeadersCorsBehavior |

Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).

CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.

Example

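import { Duration } from 'aws-cdk-lib';
import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
import * as origins from 'aws-cdk-lib/aws-cloudfront-origins';

// Using an existing managed response headers policy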
declare const bucketOrigin: origins.S3Origin;
new cloudfront.Distribution(this, 'myDistManagedPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
  },
});

// Creating a custom response headers policy -- all parameters optional
const myResponseHeadersPolicy = new cloudfront.ResponseHeadersPolicy(this, 'ResponseHeadersPolicy', {
  responseHeadersPolicyName: 'MyPolicy',
  comment: 'A default policy',
  corsBehavior: {
    accessControlAllowCredentials: false,
    accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlAllowMethods: ['GET', 'POST'],
    accessControlAllowOrigins: ['*'],
    accessControlExposeHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
    accessControlMaxAge: Duration.seconds(600),
    originOverride: true,
  },
  customHeadersBehavior: {
    customHeaders: [
      { header: 'X-Amz-Date', value: 'some-value', override: true },
      { header: 'X-Amz-Security-Token', value: 'some-value', override: false },
    ],
  },
  securityHeadersBehavior: {
    contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true },
    contentTypeOptions: { override: true },
    frameOptions: { frameOption: cloudfront.HeadersFrameOption.DENY, override: true },
    referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.NO_REFERRER, override: true },
    strictTransportSecurity: { accessControlMaxAge: Duration.seconds(600), includeSubdomains: true, override: true },
    // CloudFront does not accept a reportUri together with modeBlock: true
    xssProtection: { protection: true, modeBlock: false, reportUri: 'https://example.com/csp-report', override: true },
  },
  removeHeaders: ['Server'],
  serverTimingSamplingRate: 50,
});
new cloudfront.Distribution(this, 'myDistCustomPolicy', {
  defaultBehavior: {
    origin: bucketOrigin,
    responseHeadersPolicy: myResponseHeadersPolicy,
  },
});

Properties

| Name | Type | Description |
| --- | --- | --- |
| accessControlAllowCredentials | boolean | A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header. |
| accessControlAllowHeaders | string[] | A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. |
| accessControlAllowMethods | string[] | A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. |
| accessControlAllowOrigins | string[] | A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. |
| originOverride | boolean | A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy. |
| accessControlExposeHeaders? | string[] | A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. |
| accessControlMaxAge? | Duration | A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header. |

accessControlAllowCredentials

Type: boolean

A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.


accessControlAllowHeaders

Type: string[]

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.

You can specify ['*'] to allow all headers.


accessControlAllowMethods

Type: string[]

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.


accessControlAllowOrigins

Type: string[]

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.

You can specify ['*'] to allow all origins.


originOverride

Type: boolean

A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.


accessControlExposeHeaders?

Type: string[] (optional, default: no headers exposed)

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.

You can specify ['*'] to expose all headers.


accessControlMaxAge?

Type: Duration (optional, default: no max age)

A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
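
The properties above interact: `['*']` in the allow lists is only meaningful while accessControlAllowCredentials is false, and originOverride decides whether this policy is the only source of CORS headers. The following pre-synthesis check is an added example, not part of the CDK documentation or library; `CorsBehaviorLike` and `lintCorsBehavior` are hypothetical names, and the sample origins are constructed.

```typescript
// Local mirror of the properties documented on this page (accessControlMaxAge
// omitted, it plays no part here), so the block runs without aws-cdk-lib.
interface CorsBehaviorLike {
  accessControlAllowCredentials: boolean;
  accessControlAllowHeaders: string[];
  accessControlAllowMethods: string[];
  accessControlAllowOrigins: string[];
  originOverride: boolean;
  accessControlExposeHeaders?: string[];
}

// Hypothetical helper, not a CDK API: one finding per setting worth a second look.
function lintCorsBehavior(cors: CorsBehaviorLike): string[] {
  const findings: string[] = [];
  const lists: Array<[string, string[]]> = [
    ['accessControlAllowOrigins', cors.accessControlAllowOrigins],
    ['accessControlAllowHeaders', cors.accessControlAllowHeaders],
    ['accessControlAllowMethods', cors.accessControlAllowMethods],
    ['accessControlExposeHeaders', cors.accessControlExposeHeaders || []],
  ];
  if (cors.accessControlAllowCredentials) {
    // Fetch spec: on credentialed requests '*' is not treated as a wildcard in
    // these headers, so the policy will not behave the way it reads.
    for (const [name, values] of lists) {
      if (values.indexOf('*') !== -1) findings.push(`${name}: '*' is not a wildcard when credentials are allowed`);
    }
    // An http:// origin trusted with credentials can be altered in transit.
    for (const origin of cors.accessControlAllowOrigins) {
      if (origin.toLowerCase().indexOf('http://') === 0) findings.push(`accessControlAllowOrigins: ${origin} is cleartext HTTP`);
    }
  }
  // With originOverride false, CORS headers set by the origin are not replaced.
  if (!cors.originOverride) {
    findings.push('originOverride: false keeps CORS headers sent by the origin');
  }
  return findings;
}

// Constructed samples; pageExample follows the corsBehavior in the page's example.
const pageExample: CorsBehaviorLike = {
  accessControlAllowCredentials: false, accessControlAllowOrigins: ['*'], originOverride: true,
  accessControlAllowHeaders: ['X-Custom-Header-1', 'X-Custom-Header-2'],
  accessControlAllowMethods: ['GET', 'POST'],
};
const riskyExample: CorsBehaviorLike = {
  accessControlAllowCredentials: true, accessControlAllowOrigins: ['*', 'http://app.example.com'],
  originOverride: false, accessControlAllowHeaders: ['*'], accessControlAllowMethods: ['GET'],
};
```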