You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ei...@apache.org on 2016/11/04 14:39:29 UTC
[2/3] chttpd commit: updated refs/heads/master to 0cfd56a
Fix CORS max_age configuration parameter
Header "Access-Control-Max-Age" used by a browser to define
for how long to keep preflight request's response cached.
This fix makes this parameter configurable through config section
[cors], attribute max_age.
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/c98d71a9
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/c98d71a9
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/c98d71a9
Branch: refs/heads/master
Commit: c98d71a9caaf27586c91f0b071c6df175e5fcacc
Parents: 262944f
Author: Eric Avdey <ei...@eiri.ca>
Authored: Tue Mar 22 15:03:45 2016 -0300
Committer: Eric Avdey <ei...@eiri.ca>
Committed: Fri Nov 4 09:46:37 2016 -0300
----------------------------------------------------------------------
src/chttpd_cors.erl | 5 ++++-
test/chttpd_cors_test.erl | 11 +++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/c98d71a9/src/chttpd_cors.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_cors.erl b/src/chttpd_cors.erl
index 22430c3..a8dd348 100644
--- a/src/chttpd_cors.erl
+++ b/src/chttpd_cors.erl
@@ -115,7 +115,8 @@ handle_preflight_request(Req, Config, Origin) ->
%% get max age
- MaxAge = couch_util:get_value("max_age", Config, ?CORS_DEFAULT_MAX_AGE),
+ MaxAge = couch_util:get_value(<<"max_age">>, Config,
+ ?CORS_DEFAULT_MAX_AGE),
PreflightHeaders0 = maybe_add_credentials(Config, Origin, [
{"Access-Control-Allow-Origin", binary_to_list(Origin)},
@@ -300,6 +301,7 @@ get_cors_config(#httpd{cors_config = undefined, mochi_req = MochiReq}) ->
ExposedHeaders0 ->
[to_lower(H) || H <- split_list(ExposedHeaders0)]
end,
+ MaxAge = cors_config(Host, "max_age", ?CORS_DEFAULT_MAX_AGE),
Origins0 = binary_split_list(cors_config(Host, "origins", [])),
Origins = [{O, {[]}} || O <- Origins0],
[
@@ -308,6 +310,7 @@ get_cors_config(#httpd{cors_config = undefined, mochi_req = MochiReq}) ->
{<<"allow_methods">>, AllowMethods},
{<<"allow_headers">>, AllowHeaders},
{<<"exposed_headers">>, ExposedHeaders},
+ {<<"max_age">>, MaxAge},
{<<"origins">>, {Origins}}
];
get_cors_config(#httpd{cors_config = Config}) ->
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/c98d71a9/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index be34348..7d86489 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -28,6 +28,7 @@
-define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
-define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
+-define(CUSTOM_MAX_AGE, round(?CORS_DEFAULT_MAX_AGE / 2)).
%% Test helpers
@@ -66,6 +67,7 @@ custom_cors_config() ->
{<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
{<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
{<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+ {<<"max_age">>, ?CUSTOM_MAX_AGE},
{<<"origins">>, {[
{<<"*">>, {[]}}
]}}
@@ -340,7 +342,8 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
Headers = [
{"Origin", ?DEFAULT_ORIGIN},
{"Access-Control-Request-Method", "GET"},
- {"Access-Control-Request-Headers", "accept-language, extra"}
+ {"Access-Control-Request-Headers", "accept-language, extra"},
+ {"Access-Control-Max-Age", ?CORS_DEFAULT_MAX_AGE}
],
Req = mock_request('OPTIONS', "/", Headers),
?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
@@ -348,6 +351,8 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
<<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
AllowHeaders = couch_util:get_value(
<<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+ MaxAge = couch_util:get_value(
+ <<"max_age">>, OwnerConfig, ?CORS_DEFAULT_MAX_AGE),
{ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
[
?_assertEqual(?DEFAULT_ORIGIN,
@@ -355,7 +360,9 @@ test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
?_assertEqual(string_headers(AllowMethods),
header(Headers1, "Access-Control-Allow-Methods")),
?_assertEqual(string_headers(["accept-language", "extra"]),
- header(Headers1, "Access-Control-Allow-Headers"))
+ header(Headers1, "Access-Control-Allow-Headers")),
+ ?_assertEqual(MaxAge,
+ header(Headers1, "Access-Control-Max-Age"))
].