Merge remote branch 'cloudant:fix-cors-max_age'
This closes #110
Signed-off-by: Eric Avdey <eiri@eiri.ca>
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 22430c3..a8dd348 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -115,7 +115,8 @@
%% get max age
- MaxAge = couch_util:get_value("max_age", Config, ?CORS_DEFAULT_MAX_AGE),
+ MaxAge = couch_util:get_value(<<"max_age">>, Config,
+ ?CORS_DEFAULT_MAX_AGE),
PreflightHeaders0 = maybe_add_credentials(Config, Origin, [
{"Access-Control-Allow-Origin", binary_to_list(Origin)},
@@ -300,6 +301,7 @@
ExposedHeaders0 ->
[to_lower(H) || H <- split_list(ExposedHeaders0)]
end,
+ MaxAge = cors_config(Host, "max_age", ?CORS_DEFAULT_MAX_AGE),
Origins0 = binary_split_list(cors_config(Host, "origins", [])),
Origins = [{O, {[]}} || O <- Origins0],
[
@@ -308,6 +310,7 @@
{<<"allow_methods">>, AllowMethods},
{<<"allow_headers">>, AllowHeaders},
{<<"exposed_headers">>, ExposedHeaders},
+ {<<"max_age">>, MaxAge},
{<<"origins">>, {Origins}}
];
get_cors_config(#httpd{cors_config = Config}) ->
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index be34348..19e8515 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -28,6 +28,7 @@
-define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
-define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
+-define(CUSTOM_MAX_AGE, round(?CORS_DEFAULT_MAX_AGE / 2)).
%% Test helpers
@@ -66,6 +67,7 @@
{<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
{<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
{<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+ {<<"max_age">>, ?CUSTOM_MAX_AGE},
{<<"origins">>, {[
{<<"*">>, {[]}}
]}}
@@ -340,14 +342,15 @@
Headers = [
{"Origin", ?DEFAULT_ORIGIN},
{"Access-Control-Request-Method", "GET"},
- {"Access-Control-Request-Headers", "accept-language, extra"}
+ {"Access-Control-Request-Headers", "accept-language, extra"},
+ {"Access-Control-Max-Age", ?CORS_DEFAULT_MAX_AGE}
],
Req = mock_request('OPTIONS', "/", Headers),
?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
AllowMethods = couch_util:get_value(
<<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
- AllowHeaders = couch_util:get_value(
- <<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+ MaxAge = couch_util:get_value(
+ <<"max_age">>, OwnerConfig, ?CORS_DEFAULT_MAX_AGE),
{ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
[
?_assertEqual(?DEFAULT_ORIGIN,
@@ -355,7 +358,9 @@
?_assertEqual(string_headers(AllowMethods),
header(Headers1, "Access-Control-Allow-Methods")),
?_assertEqual(string_headers(["accept-language", "extra"]),
- header(Headers1, "Access-Control-Allow-Headers"))
+ header(Headers1, "Access-Control-Allow-Headers")),
+ ?_assertEqual(MaxAge,
+ header(Headers1, "Access-Control-Max-Age"))
].