From 5ce0bf7764f004ea03e7cb90db2349aec1dc8d8b Mon Sep 17 00:00:00 2001 From: nguyenchr Date: Fri, 10 Oct 2014 18:14:36 +1100 Subject: [PATCH] Add option to specify the preflight max age --- README.md | 1 + src/preflight.js | 6 +++++- test/cors.preflight.spec.js | 14 ++++++++++++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index eddc9cd..18370df 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ var corsMiddleware = require('restify-cors-middleware'); var cors = corsMiddleware({ + preflightMaxAge: 5 //Optional origins: ['http://api.myapp.com', 'http://web.myapp.com'], allowHeaders: ['API-Token'], exposeHeaders: ['API-Token-Expiry'] diff --git a/src/preflight.js b/src/preflight.js index 743e037..dce54f6 100644 --- a/src/preflight.js +++ b/src/preflight.js @@ -42,6 +42,11 @@ exports.handler = function(options) { res.header('Access-Control-Allow-Origin', originHeader); res.header('Access-Control-Allow-Credentials', true); + // 6.2.8 + if (options.preflightMaxAge) { + res.header('Access-Control-Max-Age', options.preflightMaxAge); + } + // 6.2.9 res.header('Access-Control-Allow-Methods', allowedMethods.join(', ')); @@ -54,4 +59,3 @@ exports.handler = function(options) { }; }; - diff --git a/test/cors.preflight.spec.js b/test/cors.preflight.spec.js index ee23941..b6e12a2 100644 --- a/test/cors.preflight.spec.js +++ b/test/cors.preflight.spec.js @@ -84,8 +84,18 @@ describe('CORS: preflight requests', function() { .end(done); }); - xit('6.2.8 Access-Control-Max-Age not supported', function(done) { - done(); + it('6.2.8 Set the Access-Control-Max-Age header if a max age is provided', function(done) { + var server = test.corsServer({ + preflightMaxAge: 5, + origins: ['http://api.myapp.com', 'http://www.myapp.com'] + }); + request(server) + .options('/test') + .set('Origin', 'http://api.myapp.com') + .set('Access-Control-Request-Method', 'GET') + .expect('Access-Control-Max-Age', '5') + .expect(204) + .end(done); }); it('6.2.9 Set the Allow-Method header', function(done) {