Add maxAge config option. If set, an Access-Control-Max-Age header with this value (in seconds) will be added.

README.md

@@ -107,6 +107,8 @@ proxy requests. The following options are supported:
   Example: `["cookie"]`
 * dictionary of lowercase strings `setHeaders` - Set headers for the request (overwrites existing ones).  
   Example: `{"x-powered-by": "CORS Anywhere"}`
+* number `maxAge` - If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
+  Example: `600` - Allow CORS preflight request to be cached by the browser for 10 minutes.
 * string `helpFile` - Set the help file (shown at the homepage).  
   Example: `"myCustomHelpText.txt"`
 

lib/cors-anywhere.js

@@ -50,8 +50,11 @@ function isValidHostName(hostname) {
  * @param headers {object} Response headers
  * @param request {ServerRequest}
  */
-function withCORS(headers, request) {
+function withCORS(headers, request, maxAge) {
   headers['access-control-allow-origin'] = '*';
+  if (maxAge) {
+    headers['access-control-max-age'] = maxAge;
+  }
   if (request.headers['access-control-request-method']) {
     headers['access-control-allow-methods'] = request.headers['access-control-request-method'];
     delete request.headers['access-control-request-method'];
@@ -193,7 +196,7 @@ function onProxyResponse(proxy, proxyReq, proxyRes, req, res) {
   delete proxyRes.headers['set-cookie2'];
 
   proxyRes.headers['x-final-url'] = requestState.location.href;
-  withCORS(proxyRes.headers, req);
+  withCORS(proxyRes.headers, req, requestState.maxAge);
   return true;
 }
 
@@ -234,6 +237,7 @@ function getHandler(options, proxy) {
     requireHeader: null,            // Require a header to be set?
     removeHeaders: [],              // Strip these request headers.
     setHeaders: {},                 // Set these request headers.
+    maxAge: null,                   // If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
     helpFile: __dirname + '/help.txt',
   };
 
@@ -262,7 +266,7 @@ function getHandler(options, proxy) {
   };
 
   return function(req, res) {
-    var cors_headers = withCORS({}, req);
+    var cors_headers = withCORS({}, req, corsAnywhere.maxAge);
     if (req.method === 'OPTIONS') {
       // Pre-flight request. Reply successfully:
       res.writeHead(200, cors_headers);
@@ -353,6 +357,7 @@ function getHandler(options, proxy) {
       location: location,
       getProxyForUrl: corsAnywhere.getProxyForUrl,
       maxRedirects: corsAnywhere.maxRedirects,
+      maxAge: corsAnywhere.maxAge,
       proxyBaseUrl: proxyBaseUrl,
     };
 

test/test.js

@@ -810,6 +810,58 @@ describe('setHeaders + removeHeaders', function() {
   });
 });
 
+describe('Access-Control-Max-Age set', function() {
+  before(function() {
+    cors_anywhere = createServer({
+      maxAge: 600,
+    });
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(stopServer);
+
+  it('GET /', function(done) {
+    request(cors_anywhere)
+      .get('/')
+      .type('text/plain')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('Access-Control-Max-Age', '600')
+      .expect(200, helpText, done);
+  });
+
+  it('GET /example.com', function(done) {
+    request(cors_anywhere)
+      .get('/example.com')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('Access-Control-Max-Age', '600')
+      .expect(200, 'Response from example.com', done);;
+  });
+});
+
+describe('Access-Control-Max-Age not set', function() {
+  before(function() {
+    cors_anywhere = createServer();
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(stopServer);
+
+  it('GET /', function(done) {
+    request(cors_anywhere)
+      .get('/')
+      .type('text/plain')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expectNoHeader('Access-Control-Max-Age')
+      .expect(200, helpText, done);
+  });
+
+  it('GET /example.com', function(done) {
+    request(cors_anywhere)
+      .get('/example.com')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expectNoHeader('Access-Control-Max-Age')
+      .expect(200, 'Response from example.com', done);
+  });
+});
+
 describe('httpProxyOptions.xfwd=false', function() {
   before(function() {
     cors_anywhere = createServer({