FEATURE: Cache CORS preflight requests for 2h (#14614)

* FEATURE: Cache CORS preflight requests for 2h

Browsers will cache this for 5 seconds by default. If using MessageBus
in a different domain, Discourse will issue a new long polling, by
default, every 30s or so. This means we would be issuing a new preflight
request **every time**. This can be incredibly wasteful, so let's cache
the authorization in the client for 2h, which is the maximum Chromium
allows us as of today.

* fix tests
Rafael dos Santos Silva 2021-10-14 22:37:53 -03:00 committed by GitHub
parent 7c7e03e54b
commit b301a6b3db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions

@ -45,6 +45,7 @@ class Discourse::Cors
headers['Access-Control-Allow-Headers'] = 'Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization'
headers['Access-Control-Allow-Credentials'] = 'true'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, GET, OPTIONS, DELETE'
headers['Access-Control-Max-Age'] = '7200'
end
headers
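Review bot: the new `headers['Access-Control-Max-Age'] = '7200'` line is a bare literal with no comment, and it sits directly under `Access-Control-Allow-Credentials: true`, so it deserves a note on the trade-off. Once a browser has cached the preflight result, it will keep sending credentialed non-simple requests (PUT, DELETE, or anything carrying the listed custom headers) for up to two hours without asking again, so removing an origin from the allowed list or narrowing the allowed methods or headers does not take effect for those clients until the cache entry expires. Please pull the value into a named constant with a comment stating the unit (seconds) and that 7200 is the Chromium cap mentioned in the commit message, and consider whether operators need a way to lower it.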

@ -110,7 +110,8 @@ describe Hijack do
"Access-Control-Allow-Origin" => "www.rainbows.com",
"Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization",
"Access-Control-Allow-Credentials" => "true",
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE",
"Access-Control-Max-Age" => "7200",
}
expect(headers).to eq(expected)
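Review bot: the expected hash repeats the literal `"7200"` next to the already duplicated `Access-Control-Allow-Headers` string, so any later change to the max age has to be made in the middleware and in every spec by hand. If the value becomes a constant in `Discourse::Cors`, reference that constant here so the spec checks that the header is present and wired to the configured value, not that two string literals happen to match.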
@ -147,7 +148,8 @@ describe Hijack do
"Access-Control-Allow-Origin" => "https://www.rainbows.com",
"Access-Control-Allow-Headers" => "Content-Type, Cache-Control, X-Requested-With, X-CSRF-Token, Discourse-Present, User-Api-Key, User-Api-Client-Id, Authorization",
"Access-Control-Allow-Credentials" => "true",
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
"Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE",
"Access-Control-Max-Age" => "7200",
}
expect(headers).to eq(expected)
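Review bot: both updated expectations cover only the case where an `Access-Control-Allow-Origin` value is returned; nothing visible here asserts that `Access-Control-Max-Age` is absent when the request origin is not allowed. Since the header lengthens how long a browser trusts a preflight answer, a negative example asserting that a non-matching origin gets no CORS headers at all, including no `Access-Control-Max-Age`, would guard against the line being moved outside the origin check later.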