Skip to content

Latest commit

 

History

History
75 lines (57 loc) · 3.38 KB

sam-property-api-corsconfiguration.md

File metadata and controls

75 lines (57 loc) · 3.38 KB
Raw

CorsConfiguration

Manage cross-origin resource sharing (CORS) for your API Gateway APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration. NOTE: Cors requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the DefinitionBody property.

For more information about CORS, see Enable CORS for an API Gateway REST API Resource in the Amazon API Gateway Developer Guide.

Note: If CorsConfiguration is set both in OpenAPI and at the property level, AWS SAM merges them, with the properties taking precedence.

Syntax

To declare this entity in your AWS SAM template, use the following syntax:

YAML

  [AllowCredentials](#sam-api-corsconfiguration-allowcredentials): String
  [AllowHeaders](#sam-api-corsconfiguration-allowheaders): String
  [AllowMethods](#sam-api-corsconfiguration-allowmethods): String
  [AllowOrigin](#sam-api-corsconfiguration-alloworigin): String
  [MaxAge](#sam-api-corsconfiguration-maxage): String

Properties

AllowCredentials Boolean indicating whether request is allowed to contain credentials.
Type: String
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowHeaders String of headers to allow.
Type: String
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowMethods String containing the HTTP methods to allow.
Type: String
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

AllowOrigin String of origin to allow.
Type: String
Required: Yes
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

MaxAge String containing the number of seconds to cache CORS Preflight request.
Type: String
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Examples

CorsConfiguration

Cors Configuration example. This is just a portion of an AWS SAM template file showing an AWS::Serverless::Api definition with Cors configured.

YAML

Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Cors:
        AllowMethods: "POST, GET"
        AllowHeaders: "X-Forwarded-For"
        AllowOrigin: "www.example.com"
        MaxAge: "600"
        AllowCredentials: True