diff --git a/README.md b/README.md index 11342f1..b264190 100644 --- a/README.md +++ b/README.md @@ -107,6 +107,8 @@ proxy requests. The following options are supported: Example: `["cookie"]` * dictionary of lowercase strings `setHeaders` - Set headers for the request (overwrites existing ones). Example: `{"x-powered-by": "CORS Anywhere"}` +* number `corsMaxAge` - If set, an Access-Control-Max-Age request header with this value (in seconds) will be added. + Example: `600` - Allow CORS preflight request to be cached by the browser for 10 minutes. * string `helpFile` - Set the help file (shown at the homepage). Example: `"myCustomHelpText.txt"` diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js index d4ee6e2..e4c722a 100644 --- a/lib/cors-anywhere.js +++ b/lib/cors-anywhere.js @@ -52,6 +52,10 @@ function isValidHostName(hostname) { */ function withCORS(headers, request) { headers['access-control-allow-origin'] = '*'; + var corsMaxAge = request.corsAnywhereRequestState.corsMaxAge; + if (corsMaxAge) { + headers['access-control-max-age'] = corsMaxAge; + } if (request.headers['access-control-request-method']) { headers['access-control-allow-methods'] = request.headers['access-control-request-method']; delete request.headers['access-control-request-method']; @@ -234,6 +238,7 @@ function getHandler(options, proxy) { requireHeader: null, // Require a header to be set? removeHeaders: [], // Strip these request headers. setHeaders: {}, // Set these request headers. + corsMaxAge: 0, // If set, an Access-Control-Max-Age header with this value (in seconds) will be added. helpFile: __dirname + '/help.txt', }; @@ -262,6 +267,12 @@ function getHandler(options, proxy) { }; return function(req, res) { + req.corsAnywhereRequestState = { + getProxyForUrl: corsAnywhere.getProxyForUrl, + maxRedirects: corsAnywhere.maxRedirects, + corsMaxAge: corsAnywhere.corsMaxAge, + }; + var cors_headers = withCORS({}, req); if (req.method === 'OPTIONS') { // Pre-flight request. Reply successfully: @@ -349,12 +360,8 @@ function getHandler(options, proxy) { req.headers[header] = corsAnywhere.setHeaders[header]; }); - req.corsAnywhereRequestState = { - location: location, - getProxyForUrl: corsAnywhere.getProxyForUrl, - maxRedirects: corsAnywhere.maxRedirects, - proxyBaseUrl: proxyBaseUrl, - }; + req.corsAnywhereRequestState.location = location; + req.corsAnywhereRequestState.proxyBaseUrl = proxyBaseUrl; proxyRequest(req, res, proxy); }; diff --git a/test/test.js b/test/test.js index 910f4b7..8ea2870 100644 --- a/test/test.js +++ b/test/test.js @@ -810,6 +810,58 @@ describe('setHeaders + removeHeaders', function() { }); }); +describe('Access-Control-Max-Age set', function() { + before(function() { + cors_anywhere = createServer({ + corsMaxAge: 600, + }); + cors_anywhere_port = cors_anywhere.listen(0).address().port; + }); + after(stopServer); + + it('GET /', function(done) { + request(cors_anywhere) + .get('/') + .type('text/plain') + .expect('Access-Control-Allow-Origin', '*') + .expect('Access-Control-Max-Age', '600') + .expect(200, helpText, done); + }); + + it('GET /example.com', function(done) { + request(cors_anywhere) + .get('/example.com') + .expect('Access-Control-Allow-Origin', '*') + .expect('Access-Control-Max-Age', '600') + .expect(200, 'Response from example.com', done); + }); +}); + +describe('Access-Control-Max-Age not set', function() { + before(function() { + cors_anywhere = createServer(); + cors_anywhere_port = cors_anywhere.listen(0).address().port; + }); + after(stopServer); + + it('GET /', function(done) { + request(cors_anywhere) + .get('/') + .type('text/plain') + .expect('Access-Control-Allow-Origin', '*') + .expectNoHeader('Access-Control-Max-Age') + .expect(200, helpText, done); + }); + + it('GET /example.com', function(done) { + request(cors_anywhere) + .get('/example.com') + .expect('Access-Control-Allow-Origin', '*') + .expectNoHeader('Access-Control-Max-Age') + .expect(200, 'Response from example.com', done); + }); +}); + describe('httpProxyOptions.xfwd=false', function() { before(function() { cors_anywhere = createServer({