Merge branch 'lpouwelse-change/11-prevent-multiple-option-requests'

thaddeusmt · thaddeusmt · commit 03c8da24c2fb · 2020-02-24T12:12:48.000-07:00
diff --git a/Plugin/CorsHeadersPlugin.php b/Plugin/CorsHeadersPlugin.php
@@ -71,6 +71,16 @@ protected function getEnableAmp()
             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
     }
 
+    /**
+     * Get the Access-Control-Max-Age
+     * @return string
+     */
+    protected function getMaxAge()
+    {
+        return (int) $this->scopeConfig->getValue('web/corsRequests/max_age',
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
+    }
+
     /**
      * Triggers before original dispatch
      * This method triggers before original \Magento\Webapi\Controller\Rest::dispatch and set version
@@ -92,6 +102,9 @@ public function beforeDispatch(
             if ($this->getEnableAmp()) {
                 $this->response->setHeader('AMP-Access-Control-Allow-Source-Origin', rtrim($originUrl,"/"), true);
             }
+            if ((int)$this->getMaxAge() > 0) {
+                $this->response->setHeader('Access-Control-Max-Age', $this->getMaxAge(), true);
+            }
         }
     }
 
diff --git a/composer.json b/composer.json
@@ -1,9 +1,9 @@
 {
-    "name": "splashlab/magento-2-cors-requests",
+    "name": "lpouwelse/magento-2-cors-requests",
     "description": "Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain",
     "homepage": "https://github.com/splashlab/magento-2-cors-requests",
     "type": "magento2-module",
-    "version": "100.0.4",
+    "version": "100.0.5",
     "license": [
         "OSL-3.0",
         "AFL-3.0"
diff --git a/etc/adminhtml/system.xml b/etc/adminhtml/system.xml
@@ -25,6 +25,11 @@
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                     <comment>Enables AMP-Access-Control-Allow-Source-Origin response header for AMP CORS requests</comment>
                 </field>
+                <field id="max_age" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
+                       showInStore="1">
+                    <label>CORS Request Max Age</label>
+                    <comment>Enables Access-Control-Max-Age response header for CORS requests (max age in seconds)</comment>
+                </field>
             </group>
         </section>
     </system>

Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,16 @@ protected function getEnableAmp()`
`71`	`71`	`\Magento\Store\Model\ScopeInterface::SCOPE_STORE);`
`72`	`72`	`}`
`73`	`73`
	`74`	`+ /**`
	`75`	`+ * Get the Access-Control-Max-Age`
	`76`	`+ * @return string`
	`77`	`+ */`
	`78`	`+ protected function getMaxAge()`
	`79`	`+ {`
	`80`	`+ return (int) $this->scopeConfig->getValue('web/corsRequests/max_age',`
	`81`	`+ \Magento\Store\Model\ScopeInterface::SCOPE_STORE);`
	`82`	`+ }`
	`83`	`+`
`74`	`84`	`/**`
`75`	`85`	`* Triggers before original dispatch`
`76`	`86`	`* This method triggers before original \Magento\Webapi\Controller\Rest::dispatch and set version`
`@@ -92,6 +102,9 @@ public function beforeDispatch(`
`92`	`102`	`if ($this->getEnableAmp()) {`
`93`	`103`	`$this->response->setHeader('AMP-Access-Control-Allow-Source-Origin', rtrim($originUrl,"/"), true);`
`94`	`104`	`}`
	`105`	`+ if ((int)$this->getMaxAge() > 0) {`
	`106`	`+ $this->response->setHeader('Access-Control-Max-Age', $this->getMaxAge(), true);`
	`107`	`+ }`
`95`	`108`	`}`
`96`	`109`	`}`
`97`	`110`