1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

Fix/cors expose ETag (#2594)

This commit fixes two issues with the frontend API

1. fix: update cors max age to match chromium defaults
https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/cors/preflight_result.cc;drc=49e7c0b4886cac1f3d09dc046bd528c9c811a0fa;l=31
2: fix: expose ETage for cross-origin requests
This commit is contained in:
Ivar Conradi Østhus 2022-12-05 10:04:35 +01:00 committed by GitHub
parent bc3744d565
commit 4a3d26065f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 8 additions and 4 deletions

View File

@ -2,7 +2,7 @@
exports[`should create default config 1`] = `
{
"accessControlMaxAge": 172800,
"accessControlMaxAge": 86400,
"additionalCspAllowedDomains": {
"defaultSrc": [],
"fontSrc": [],

View File

@ -452,7 +452,7 @@ export function createConfig(options: IUnleashOptions): IUnleashConfig {
const accessControlMaxAge = options.accessControlMaxAge
? options.accessControlMaxAge
: parseEnvVarNumber(process.env.ACCESS_CONTROL_MAX_AGE, 172800);
: parseEnvVarNumber(process.env.ACCESS_CONTROL_MAX_AGE, 86400);
const clientFeatureCaching = loadClientCachingOptions(options);

View File

@ -27,6 +27,7 @@ export const corsOriginMiddleware = (
frontendApiOrigins,
),
maxAge: config.accessControlMaxAge,
exposedHeaders: 'ETag',
});
} catch (error) {
callback(error);

View File

@ -156,6 +156,9 @@ export default class ProxyController extends Controller {
ProxyController.createContext(req),
);
}
res.set('Cache-control', 'public, max-age=2');
this.services.openApiService.respondWithValidation(
200,
res,

View File

@ -988,6 +988,6 @@ test('should return maxAge header on options call', async () => {
.set('Origin', 'https://example.com')
.expect(204)
.expect((res) => {
expect(res.headers['access-control-max-age']).toBe('172800');
expect(res.headers['access-control-max-age']).toBe('86400');
});
});

View File

@ -130,7 +130,7 @@ unleash.start(unleashOptions);
- `maxAge` - the time to cache features, set to 600 milliseconds by default - Overridable with (`CLIENT_FEATURE_CACHING_MAXAGE`) ) (accepts milliseconds)
- **frontendApi** - Configuration options for the [Unleash front-end API](../front-end-api.md).
- `refreshIntervalInMs` - how often (in milliseconds) front-end clients should refresh their data from the cache. Overridable with the `FRONTEND_API_REFRESH_INTERVAL_MS` environment variable.
- **accessControlMaxAge** - You can configure the max-age of the Access-Control-Max-Age header. Defaults to 172800 seconds. Overridable with the `ACCESS_CONTROL_MAX_AGE` environment variable.
- **accessControlMaxAge** - You can configure the max-age of the Access-Control-Max-Age header. Defaults to 86400 seconds. Overridable with the `ACCESS_CONTROL_MAX_AGE` environment variable.
You can also set the environment variable `ENABLED_ENVIRONMENTS` to a comma delimited string of environment names to override environments.