From 4a3d26065fe475fbcfff4f09e8096bb9eb9023c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?=
Date: Mon, 5 Dec 2022 10:04:35 +0100
Subject: [PATCH] Fix/cors expose ETag (#2594)
This commit fixes two issues with the frontend API 1. fix: update cors max age to match chromium defaults https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/cors/preflight_result.cc;drc=49e7c0b4886cac1f3d09dc046bd528c9c811a0fa;l=31 2: fix: expose ETage for cross-origin requests
---
 src/lib/__snapshots__/create-config.test.ts.snap | 2 +-
 src/lib/create-config.ts | 2 +-
 src/lib/middleware/cors-origin-middleware.ts | 1 +
 src/lib/routes/proxy-api/index.ts | 3 +++
 src/test/e2e/api/proxy/proxy.e2e.test.ts | 2 +-
 website/docs/reference/deploy/configuring-unleash.md | 2 +-
 6 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/lib/__snapshots__/create-config.test.ts.snap b/src/lib/__snapshots__/create-config.test.ts.snap
index 8395d39873..d61caa9f6a 100644
--- a/src/lib/__snapshots__/create-config.test.ts.snap
+++ b/src/lib/__snapshots__/create-config.test.ts.snap
@@ -2,7 +2,7 @@ exports[`should create default config 1`] = ` { - "accessControlMaxAge": 172800, + "accessControlMaxAge": 86400, "additionalCspAllowedDomains": { "defaultSrc": [], "fontSrc": [],
diff --git a/src/lib/create-config.ts b/src/lib/create-config.ts
index 5432bf50e9..5bfc23fcb7 100644
--- a/src/lib/create-config.ts
+++ b/src/lib/create-config.ts
@@ -452,7 +452,7 @@ export function createConfig(options: IUnleashOptions): IUnleashConfig {
 const accessControlMaxAge = options.accessControlMaxAge ? options.accessControlMaxAge
- : parseEnvVarNumber(process.env.ACCESS_CONTROL_MAX_AGE, 172800);
+ : parseEnvVarNumber(process.env.ACCESS_CONTROL_MAX_AGE, 86400);
 const clientFeatureCaching = loadClientCachingOptions(options);
diff --git a/src/lib/middleware/cors-origin-middleware.ts b/src/lib/middleware/cors-origin-middleware.ts
index 72d6a6aa8c..2fc971cdf9 100644
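Review bot: The new fallback `86400` in createConfig (src/lib/create-config.ts) is a bare literal, and nothing beside it says what the value costs: a cached preflight result can keep an origin's permission alive in the browser for up to that long after the origin is removed from the allowed list. A comment on the fallback would help, e.g. `// seconds; upper bound on how long browsers may reuse a preflight result (browsers also apply their own cap)`. The context line `options.accessControlMaxAge ? … : …` also treats an explicit `0` as unset, so preflight caching cannot be switched off through options; that predates this commit. createConfig's body continues outside the hunk.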
--- a/src/lib/middleware/cors-origin-middleware.ts
+++ b/src/lib/middleware/cors-origin-middleware.ts
@@ -27,6 +27,7 @@ export const corsOriginMiddleware = (
 frontendApiOrigins, ), maxAge: config.accessControlMaxAge,
+ exposedHeaders: 'ETag',
 }); } catch (error) { callback(error);
diff --git a/src/lib/routes/proxy-api/index.ts b/src/lib/routes/proxy-api/index.ts
index 30bbf366d4..d8dc7a3866 100644
--- a/src/lib/routes/proxy-api/index.ts
+++ b/src/lib/routes/proxy-api/index.ts
@@ -156,6 +156,9 @@ export default class ProxyController extends Controller {
 ProxyController.createContext(req), ); } + + res.set('Cache-control', 'public, max-age=2'); + + this.services.openApiService.respondWithValidation( 200, res,
diff --git a/src/test/e2e/api/proxy/proxy.e2e.test.ts b/src/test/e2e/api/proxy/proxy.e2e.test.ts
index 16d5521fe3..3dd7ff93a2 100644
--- a/src/test/e2e/api/proxy/proxy.e2e.test.ts
+++ b/src/test/e2e/api/proxy/proxy.e2e.test.ts
@@ -988,6 +988,6 @@ test('should return maxAge header on options call', async () => {
 .set('Origin', 'https://example.com') .expect(204) .expect((res) => {
- expect(res.headers['access-control-max-age']).toBe('172800');
+ expect(res.headers['access-control-max-age']).toBe('86400');
 }); });
diff --git a/website/docs/reference/deploy/configuring-unleash.md b/website/docs/reference/deploy/configuring-unleash.md
index a960460bd9..bf8a92f4a9 100644
--- a/website/docs/reference/deploy/configuring-unleash.md
+++ b/website/docs/reference/deploy/configuring-unleash.md
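Review bot: Nothing in this commit checks that the new `exposedHeaders: 'ETag'` option in src/lib/middleware/cors-origin-middleware.ts actually reaches the response; the only test touched (proxy.e2e.test.ts) still asserts `access-control-max-age` alone. ETag is not a CORS-safelisted response header, so browser clients depend on this option to read it, and a regression would be silent. Consider adding `expect(res.headers['access-control-expose-headers']).toBe('ETag');` to a front-end API test, plus a short comment above the option such as `// ETag is not CORS-safelisted; expose it so cross-origin clients can read it`. The body of corsOriginMiddleware starts and ends outside this hunk, so the origin check itself is not visible here.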
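Review bot: The added `res.set('Cache-control', 'public, max-age=2');` in src/lib/routes/proxy-api/index.ts marks the response as storable by shared caches, yet the lines just above build it from `ProxyController.createContext(req)`, that is, from the individual request. If the result also depends on the caller's API token or on request headers (not visible in this hunk), a CDN or reverse proxy in front of the server could hand one client's evaluated toggles to another for up to two seconds, because `public` permits storing responses even for requests that carry an Authorization header. Unless shared caching is intended, `res.set('Cache-Control', 'private, max-age=2');` keeps the browser-side benefit; if it is intended, add `res.vary('Authorization');` next to it. The commit message does not mention this header, and the handler's body starts and ends outside the hunk.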
@@ -130,7 +130,7 @@ unleash.start(unleashOptions); - `maxAge` - the time to cache features, set to 600 milliseconds by default - Overridable with (`CLIENT_FEATURE_CACHING_MAXAGE`) ) (accepts milliseconds) - **frontendApi** - Configuration options for the [Unleash front-end API](../front-end-api.md). - `refreshIntervalInMs` - how often (in milliseconds) front-end clients should refresh their data from the cache. Overridable with the `FRONTEND_API_REFRESH_INTERVAL_MS` environment variable. -- **accessControlMaxAge** - You can configure the max-age of the Access-Control-Max-Age header. Defaults to 172800 seconds. Overridable with the `ACCESS_CONTROL_MAX_AGE` environment variable. +- **accessControlMaxAge** - You can configure the max-age of the Access-Control-Max-Age header. Defaults to 86400 seconds. Overridable with the `ACCESS_CONTROL_MAX_AGE` environment variable. You can also set the environment variable `ENABLED_ENVIRONMENTS` to a comma delimited string of environment names to override environments.