Skip to content

Commit

Permalink
Allow 0 max-age
Browse files Browse the repository at this point in the history
Fixes #152
  • Loading branch information
rs committed Sep 5, 2023
1 parent 6599721 commit d3f0a2b
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
7 changes: 6 additions & 1 deletion cors.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,10 @@ type Options struct {
// API specification
ExposedHeaders []string
// MaxAge indicates how long (in seconds) the results of a preflight request
// can be cached
// can be cached. Default value is 0, which stands for no
// Access-Control-Max-Age header to be sent back, resulting in browsers
// using their default value (5s by spec). If you need to force a 0 max-age,
// set `MaxAge` to a negative value (ie: -1).
MaxAge int
// AllowCredentials indicates whether the request can include user credentials like
// cookies, HTTP authentication or client side SSL certificates.
Expand Down Expand Up @@ -362,6 +365,8 @@ func (c *Cors) handlePreflight(w http.ResponseWriter, r *http.Request) {
}
if c.maxAge > 0 {
headers.Set("Access-Control-Max-Age", strconv.Itoa(c.maxAge))
} else if c.maxAge < 0 {
headers.Set("Access-Control-Max-Age", "0")
}
c.logf(" Preflight response headers: %v", headers)
}
Expand Down
20 changes: 20 additions & 0 deletions cors_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,26 @@ func TestSpec(t *testing.T) {
},
true,
},
{
"MaxAgeNegative",
Options{
AllowedOrigins: []string{"http://example.com/"},
AllowedMethods: []string{"GET"},
MaxAge: -1,
},
"OPTIONS",
map[string]string{
"Origin": "http://example.com/",
"Access-Control-Request-Method": "GET",
},
map[string]string{
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"Access-Control-Allow-Origin": "http://example.com/",
"Access-Control-Allow-Methods": "GET",
"Access-Control-Max-Age": "0",
},
true,
},
{
"AllowedMethod",
Options{
Expand Down

0 comments on commit d3f0a2b

Please sign in to comment.