Skip to content

Latest commit

 

History

History
80 lines (61 loc) · 3.79 KB

sam-property-httpapi-httpapicorsconfiguration.md

File metadata and controls

80 lines (61 loc) · 3.79 KB
Raw

HttpApiCorsConfiguration

Manage cross-origin resource sharing (CORS) for your HTTP APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration. NOTE: Cors requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the DefinitionBody property.

For more information about CORS, see Configuring CORS for an HTTP API in the API Gateway Developer Guide.

Note: If HttpApiCorsConfiguration is set both in OpenAPI and at the property level, AWS SAM merges them with the properties taking precedence.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML

  [AllowCredentials](#sam-httpapi-httpapicorsconfiguration-allowcredentials): Boolean
  [AllowHeaders](#sam-httpapi-httpapicorsconfiguration-allowheaders): List
  [AllowMethods](#sam-httpapi-httpapicorsconfiguration-allowmethods): List
  [AllowOrigins](#sam-httpapi-httpapicorsconfiguration-alloworigins): List
  [ExposeHeaders](#sam-httpapi-httpapicorsconfiguration-exposeheaders): List
  [MaxAge](#sam-httpapi-httpapicorsconfiguration-maxage): Integer

Properties

AllowCredentials Specifies whether credentials are included in the CORS request.
Type: Boolean
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowHeaders Represents a collection of allowed headers.
Type: List
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowMethods Represents a collection of allowed HTTP methods.
Type: List
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowOrigins Represents a collection of allowed origins.
Type: List
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

ExposeHeaders Represents a collection of exposed headers.
Type: List
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

MaxAge The number of seconds that the browser should cache preflight request results.
Type: Integer
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Examples

HttpApiCorsConfiguration

HTTP API Cors Configuration example.

YAML

CorsConfiguration:
  AllowOrigins:
    - "https://example.com"
  AllowHeaders:
    - x-apigateway-header
  AllowMethods:
    - GET
  MaxAge: 600
  AllowCredentials: True