Merge pull request #77 from gnjack/maxAge

Allow caching of CORS headers by setting Access-Control-Max-Age header
2026-05-13 15:09:25 +00:00 · 2017-07-16 11:10:36 +02:00
parent 70400ab166 49d429dd60
commit 143eff177c
3 changed files with 67 additions and 6 deletions
--- a/README.md
+++ b/README.md
@@ -107,6 +107,8 @@ proxy requests. The following options are supported:
  Example: `["cookie"]`
 * dictionary of lowercase strings `setHeaders` - Set headers for the request (overwrites existing ones).  
  Example: `{"x-powered-by": "CORS Anywhere"}`
+* number `corsMaxAge` - If set, an Access-Control-Max-Age request header with this value (in seconds) will be added.  
+  Example: `600` - Allow CORS preflight request to be cached by the browser for 10 minutes.
 * string `helpFile` - Set the help file (shown at the homepage).  
  Example: `"myCustomHelpText.txt"`

--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -52,6 +52,10 @@ function isValidHostName(hostname) {
 */
 function withCORS(headers, request) {
  headers['access-control-allow-origin'] = '*';
+  var corsMaxAge = request.corsAnywhereRequestState.corsMaxAge;
+  if (corsMaxAge) {
+    headers['access-control-max-age'] = corsMaxAge;
+  }
  if (request.headers['access-control-request-method']) {
    headers['access-control-allow-methods'] = request.headers['access-control-request-method'];
    delete request.headers['access-control-request-method'];
@@ -234,6 +238,7 @@ function getHandler(options, proxy) {
    requireHeader: null,            // Require a header to be set?
    removeHeaders: [],              // Strip these request headers.
    setHeaders: {},                 // Set these request headers.
+    corsMaxAge: 0,                  // If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
    helpFile: __dirname + '/help.txt',
  };

@@ -262,6 +267,12 @@ function getHandler(options, proxy) {
  };

  return function(req, res) {
+    req.corsAnywhereRequestState = {
+      getProxyForUrl: corsAnywhere.getProxyForUrl,
+      maxRedirects: corsAnywhere.maxRedirects,
+      corsMaxAge: corsAnywhere.corsMaxAge,
+    };
+
    var cors_headers = withCORS({}, req);
    if (req.method === 'OPTIONS') {
      // Pre-flight request. Reply successfully:
@@ -349,12 +360,8 @@ function getHandler(options, proxy) {
      req.headers[header] = corsAnywhere.setHeaders[header];
    });

-    req.corsAnywhereRequestState = {
-      location: location,
-      getProxyForUrl: corsAnywhere.getProxyForUrl,
-      maxRedirects: corsAnywhere.maxRedirects,
-      proxyBaseUrl: proxyBaseUrl,
-    };
+    req.corsAnywhereRequestState.location = location;
+    req.corsAnywhereRequestState.proxyBaseUrl = proxyBaseUrl;

    proxyRequest(req, res, proxy);
  };
--- a/test/test.js
+++ b/test/test.js
@@ -810,6 +810,58 @@ describe('setHeaders + removeHeaders', function() {
  });
 });

+describe('Access-Control-Max-Age set', function() {
+  before(function() {
+    cors_anywhere = createServer({
+      corsMaxAge: 600,
+    });
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(stopServer);
+
+  it('GET /', function(done) {
+    request(cors_anywhere)
+      .get('/')
+      .type('text/plain')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('Access-Control-Max-Age', '600')
+      .expect(200, helpText, done);
+  });
+
+  it('GET /example.com', function(done) {
+    request(cors_anywhere)
+      .get('/example.com')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('Access-Control-Max-Age', '600')
+      .expect(200, 'Response from example.com', done);
+  });
+});
+
+describe('Access-Control-Max-Age not set', function() {
+  before(function() {
+    cors_anywhere = createServer();
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(stopServer);
+
+  it('GET /', function(done) {
+    request(cors_anywhere)
+      .get('/')
+      .type('text/plain')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expectNoHeader('Access-Control-Max-Age')
+      .expect(200, helpText, done);
+  });
+
+  it('GET /example.com', function(done) {
+    request(cors_anywhere)
+      .get('/example.com')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expectNoHeader('Access-Control-Max-Age')
+      .expect(200, 'Response from example.com', done);
+  });
+});
+
 describe('httpProxyOptions.xfwd=false', function() {
  before(function() {
    cors_anywhere = createServer({