diff --git a/README.md b/README.md
index 11342f1..a5ec7f6 100644
--- a/README.md
+++ b/README.md
@@ -107,6 +107,8 @@ proxy requests. The following options are supported:
 Example: `["cookie"]`
 * dictionary of lowercase strings `setHeaders` - Set headers for the request (overwrites existing ones).
 Example: `{"x-powered-by": "CORS Anywhere"}`
+* number `maxAge` - If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
+ Example: `600` - Allow CORS preflight request to be cached by the browser for 10 minutes.
 * string `helpFile` - Set the help file (shown at the homepage).
 Example: `"myCustomHelpText.txt"`
diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index d4ee6e2..2b7357f 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -50,8 +50,11 @@ function isValidHostName(hostname) {
 * @param headers {object} Response headers
 * @param request {ServerRequest}
 */
-function withCORS(headers, request) {
+function withCORS(headers, request, maxAge) {
 headers['access-control-allow-origin'] = '*';
+ if (maxAge) {
+ headers['access-control-max-age'] = maxAge;
+ }
 if (request.headers['access-control-request-method']) {
 headers['access-control-allow-methods'] = request.headers['access-control-request-method'];
 delete request.headers['access-control-request-method'];
@@ -193,7 +196,7 @@ function onProxyResponse(proxy, proxyReq, proxyRes, req, res) {
 delete proxyRes.headers['set-cookie2'];
 proxyRes.headers['x-final-url'] = requestState.location.href;
- withCORS(proxyRes.headers, req);
+ withCORS(proxyRes.headers, req, requestState.maxAge);
 return true;
 }
@@ -234,6 +237,7 @@ function getHandler(options, proxy) {
 requireHeader: null, // Require a header to be set?
 removeHeaders: [], // Strip these request headers.
 setHeaders: {}, // Set these request headers.
+ maxAge: null, // If set, an Access-Control-Max-Age header with this value (in seconds) will be added.
 helpFile: __dirname + '/help.txt',
 };
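Review bot: The new `if (maxAge)` guard in withCORS is a truthiness test, so `maxAge: 0` (a legitimate way to tell browsers not to cache the preflight) is silently treated as unset, while any other truthy value, such as a string or a negative or fractional number, is copied into the header unchecked. The value comes from operator configuration, so this is a robustness point rather than an injection one, but `if (Number.isInteger(maxAge) && maxAge >= 0) {` would emit only well-formed values; confirm first that no deployment passes the number as a string. The JSDoc directly above the signature is not updated; add `@param maxAge {number} Access-Control-Max-Age value in seconds; the header is omitted when unset`. The body of withCORS continues past the end of the hunk.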
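Review bot: Passing `requestState.maxAge` in onProxyResponse puts Access-Control-Max-Age on every proxied response, although browsers consult that header only on the preflight (OPTIONS) reply, which the handler answers directly in the `@@ -262,7 +266,7 @@` hunk of getHandler. The new tests assert the header on GET responses, so this looks intentional; a comment such as `// Max-Age only affects preflight caching; sent on all responses for uniformity.` above the call would record that. If it is not required, the call can stay `withCORS(proxyRes.headers, req);` and the `maxAge` field added to the request state in the `@@ -353,6 +357,7 @@` hunk appears unnecessary. onProxyResponse starts before this hunk.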
@@ -262,7 +266,7 @@ function getHandler(options, proxy) {
 };
 return function(req, res) {
- var cors_headers = withCORS({}, req);
+ var cors_headers = withCORS({}, req, corsAnywhere.maxAge);
 if (req.method === 'OPTIONS') {
 // Pre-flight request. Reply successfully:
 res.writeHead(200, cors_headers);
@@ -353,6 +357,7 @@ function getHandler(options, proxy) {
 location: location,
 getProxyForUrl: corsAnywhere.getProxyForUrl,
 maxRedirects: corsAnywhere.maxRedirects,
+ maxAge: corsAnywhere.maxAge,
 proxyBaseUrl: proxyBaseUrl,
 };
diff --git a/test/test.js b/test/test.js
index 910f4b7..086ba47 100644
--- a/test/test.js
+++ b/test/test.js
@@ -810,6 +810,58 @@ describe('setHeaders + removeHeaders', function() {
 });
 });
+describe('Access-Control-Max-Age set', function() {
+ before(function() {
+ cors_anywhere = createServer({
+ maxAge: 600,
+ });
+ cors_anywhere_port = cors_anywhere.listen(0).address().port;
+ });
+ after(stopServer);
+
+ it('GET /', function(done) {
+ request(cors_anywhere)
+ .get('/')
+ .type('text/plain')
+ .expect('Access-Control-Allow-Origin', '*')
+ .expect('Access-Control-Max-Age', '600')
+ .expect(200, helpText, done);
+ });
+
+ it('GET /example.com', function(done) {
+ request(cors_anywhere)
+ .get('/example.com')
+ .expect('Access-Control-Allow-Origin', '*')
+ .expect('Access-Control-Max-Age', '600')
+ .expect(200, 'Response from example.com', done);;
+ });
+});
+
+describe('Access-Control-Max-Age not set', function() {
+ before(function() {
+ cors_anywhere = createServer();
+ cors_anywhere_port = cors_anywhere.listen(0).address().port;
+ });
+ after(stopServer);
+
+ it('GET /', function(done) {
+ request(cors_anywhere)
+ .get('/')
+ .type('text/plain')
+ .expect('Access-Control-Allow-Origin', '*')
+ .expectNoHeader('Access-Control-Max-Age')
+ .expect(200, helpText, done);
+ });
+
+ it('GET /example.com', function(done) {
+ request(cors_anywhere)
+ .get('/example.com')
+ .expect('Access-Control-Allow-Origin', '*')
+ .expectNoHeader('Access-Control-Max-Age')
+ .expect(200, 'Response from example.com', done);
+ });
+});
+
 describe('httpProxyOptions.xfwd=false', function() {
 before(function() {
 cors_anywhere = createServer({
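Review bot: Both new `describe` blocks exercise only GET requests, but Access-Control-Max-Age governs how long a browser caches a preflight result, so the path that matters, the `req.method === 'OPTIONS'` branch in lib/cors-anywhere.js, is left untested. Add a case to each block that sends an OPTIONS request and checks `.expect('Access-Control-Max-Age', '600')` in the first and `.expectNoHeader('Access-Control-Max-Age')` in the second. A further case with `maxAge: 0` would pin down whether zero is meant to emit the header or be treated as unset. There is also a stray double semicolon in `.expect(200, 'Response from example.com', done);;` in the first block.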