cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License

Reduce default max_age to a more sensible value #189

Closed rafbm closed 4 years ago

rafbm commented 4 years ago

Browsers cap the value of Access-Control-Max-Age, Chromium being the most aggressive at 2 hours:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
https://cs.chromium.org/chromium/src/services/network/public/cpp/cors/preflight_result.cc?rcl=49e7c0b4886cac1f3d09dc046bd528c9c811a0fa&l=28-31

It sounds logical to set a default value that all browsers will honor.

cyu commented 4 years ago

@rafbm Looks good, thanks!
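
An added example, not part of this pull request or of rack-cors: a check that the `Access-Control-Max-Age` value in a preflight response stays within the 2-hour Chromium cap cited in the description above. The method name `audit_max_age`, the constant `CHROMIUM_CAP` and the sample headers are assumptions made for illustration.

```ruby
# Added example, not rack-cors code. CHROMIUM_CAP is the 2-hour limit cited
# in the pull request description; all names here are hypothetical.
CHROMIUM_CAP = 2 * 60 * 60 # seconds

# Reports how the Access-Control-Max-Age value in a preflight response
# compares with the cap: honored as-is, capped, unparsed, or missing.
def audit_max_age(headers, cap: CHROMIUM_CAP)
  # HTTP header names are case-insensitive, so normalise before lookup.
  normalized = headers.each_with_object({}) { |(k, v), h| h[k.to_s.downcase] = v }
  raw = normalized['access-control-max-age']
  return { status: :missing, configured: nil, effective: nil } if raw.nil?

  value = raw.to_s.strip
  # Only a plain non-negative integer (seconds) is evaluated here; anything
  # else is flagged for manual review instead of being guessed at.
  unless value.match?(/\A\d+\z/)
    return { status: :unparsed, configured: nil, effective: nil }
  end

  configured = value.to_i
  effective = [configured, cap].min
  status = configured > cap ? :capped : :honored
  { status: status, configured: configured, effective: effective }
end

# Constructed sample preflight response headers (not captured traffic).
SAMPLES = {
  'twenty days'   => { 'Access-Control-Max-Age' => '1728000' },
  'two hours'     => { 'access-control-max-age' => '7200' },
  'not a number'  => { 'Access-Control-Max-Age' => 'forever' },
  'header absent' => { 'Access-Control-Allow-Origin' => 'https://app.example' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, headers| puts "#{name}: #{audit_max_age(headers)}" }
end
```

A `:capped` result means the configured lifetime is longer than a Chromium-based browser will cache the preflight, so the extra seconds have no effect there.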