couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From e...@apache.org
Subject [2/3] chttpd commit: updated refs/heads/master to 0cfd56a
Date Fri, 04 Nov 2016 14:39:29 GMT
Fix CORS max_age configuration parameter

Header "Access-Control-Max-Age" used by a browser to define
for how long to keep preflight request's response cached.

This fix makes this parameter configurable through config section
[cors], attribute max_age.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/c98d71a9
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/c98d71a9
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/c98d71a9

Branch: refs/heads/master
Commit: c98d71a9caaf27586c91f0b071c6df175e5fcacc
Parents: 262944f
Author: Eric Avdey <eiri@eiri.ca>
Authored: Tue Mar 22 15:03:45 2016 -0300
Committer: Eric Avdey <eiri@eiri.ca>
Committed: Fri Nov 4 09:46:37 2016 -0300

----------------------------------------------------------------------
 src/chttpd_cors.erl       |  5 ++++-
 test/chttpd_cors_test.erl | 11 +++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/c98d71a9/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 22430c3..a8dd348 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -115,7 +115,8 @@ handle_preflight_request(Req, Config, Origin) ->
 
 
         %% get max age
-        MaxAge = couch_util:get_value("max_age", Config, ?CORS_DEFAULT_MAX_AGE),
+        MaxAge = couch_util:get_value(<<"max_age">>, Config,
+            ?CORS_DEFAULT_MAX_AGE),
 
         PreflightHeaders0 = maybe_add_credentials(Config, Origin, [
             {"Access-Control-Allow-Origin", binary_to_list(Origin)},
@@ -300,6 +301,7 @@ get_cors_config(#httpd{cors_config = undefined, mochi_req = MochiReq})
->
         ExposedHeaders0 ->
             [to_lower(H) || H <- split_list(ExposedHeaders0)]
     end,
+    MaxAge = cors_config(Host, "max_age", ?CORS_DEFAULT_MAX_AGE),
     Origins0 = binary_split_list(cors_config(Host, "origins", [])),
     Origins = [{O, {[]}} || O <- Origins0],
     [
@@ -308,6 +310,7 @@ get_cors_config(#httpd{cors_config = undefined, mochi_req = MochiReq})
->
         {<<"allow_methods">>, AllowMethods},
         {<<"allow_headers">>, AllowHeaders},
         {<<"exposed_headers">>, ExposedHeaders},
+        {<<"max_age">>, MaxAge},
         {<<"origins">>, {Origins}}
     ];
 get_cors_config(#httpd{cors_config = Config}) ->

http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/c98d71a9/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index be34348..7d86489 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -28,6 +28,7 @@
 -define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
 -define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
 
+-define(CUSTOM_MAX_AGE, round(?CORS_DEFAULT_MAX_AGE / 2)).
 
 %% Test helpers
 
@@ -66,6 +67,7 @@ custom_cors_config() ->
         {<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
         {<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
         {<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+        {<<"max_age">>, ?CUSTOM_MAX_AGE},
         {<<"origins">>, {[
             {<<"*">>, {[]}}
         ]}}
@@ -340,7 +342,8 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
     Headers = [
         {"Origin", ?DEFAULT_ORIGIN},
         {"Access-Control-Request-Method", "GET"},
-        {"Access-Control-Request-Headers", "accept-language, extra"}
+        {"Access-Control-Request-Headers", "accept-language, extra"},
+        {"Access-Control-Max-Age", ?CORS_DEFAULT_MAX_AGE}
     ],
     Req = mock_request('OPTIONS', "/", Headers),
     ?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
@@ -348,6 +351,8 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
         <<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
     AllowHeaders = couch_util:get_value(
         <<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+    MaxAge = couch_util:get_value(
+        <<"max_age">>, OwnerConfig, ?CORS_DEFAULT_MAX_AGE),
     {ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
     [
         ?_assertEqual(?DEFAULT_ORIGIN,
@@ -355,7 +360,9 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
         ?_assertEqual(string_headers(AllowMethods),
             header(Headers1, "Access-Control-Allow-Methods")),
         ?_assertEqual(string_headers(["accept-language", "extra"]),
-            header(Headers1, "Access-Control-Allow-Headers"))
+            header(Headers1, "Access-Control-Allow-Headers")),
+        ?_assertEqual(MaxAge,
+            header(Headers1, "Access-Control-Max-Age"))
     ].
 
 


Mime
View raw message