Skip to content

feat: add MaxAge preflight cache support to AllowCORS#140

Merged
DevanshuTripathi merged 2 commits into
DevanshuTripathi:mainfrom
ghosthouse7:feat/cors-max-age
Jun 15, 2026
Merged

feat: add MaxAge preflight cache support to AllowCORS#140
DevanshuTripathi merged 2 commits into
DevanshuTripathi:mainfrom
ghosthouse7:feat/cors-max-age

Conversation

@ghosthouse7

Copy link
Copy Markdown
Contributor

Closes #125

Changes

  • Modified cors.go to add MaxAge support to AllowCORS
  • Added CORSConfig struct with MaxAge field
  • If MaxAge > 0, sets Access-Control-Max-Age header
    on preflight OPTIONS responses
  • Defaults to 0 (disabled) — fully backwards compatible

Usage

// Basic usage (unchanged)
app.Use(AllowCORS([]string{"*"}))

// With MaxAge preflight caching
app.Use(AllowCORS([]string{"*"}, vodka.CORSConfig{
MaxAge: 86400, // cache preflight for 24 hours
}))

Why This Matters

  • Browsers currently send a preflight OPTIONS request
    on every single API call
  • With MaxAge set, browsers cache the preflight
    response and skip redundant requests
  • Reduces latency and unnecessary network overhead
  • Zero breaking changes to existing AllowCORS usage

Files Changed

  • cors.go (modified)

@vercel

vercel Bot commented Jun 6, 2026

Copy link
Copy Markdown

@ghosthouse7 is attempting to deploy a commit to the Devanshu Tripathi's projects Team on Vercel.

A member of the Team first needs to authorize it.

@DevanshuTripathi

Copy link
Copy Markdown
Owner

@ghosthouse7 Can you write tests for it

@ghosthouse7

Copy link
Copy Markdown
Contributor Author

def! just give me some time

@DevanshuTripathi

Copy link
Copy Markdown
Owner

Hi @ghosthouse7 Just checking to see if you are active on this PR

@ghosthouse7

ghosthouse7 commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

yeah yeah on it, will be raising a pr very soon.

@ghosthouse7

Copy link
Copy Markdown
Contributor Author

Hey @DevanshuTripathi, added the tests! Here's what's covered:

TestCORSAllowsMaxAge — verifies MaxAge: 86400 sets the header correctly on preflight
TestCORSMaxAgeZeroOmitsHeader — verifies MaxAge: 0 doesn't set the header (backwards compat)
TestCORSMaxAgeNotSetOnNonPreflight — verifies regular requests don't get the header
TestCORSMaxAgeBlockedForDisallowedOrigin — verifies blocked origins get 403 and no header

All tests passing ✅
gssoc 1

@DevanshuTripathi DevanshuTripathi left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@DevanshuTripathi DevanshuTripathi added level:intermediate Intermediate issue for slightly experienced devs quality:clean Clean quality type:feature gssoc:approved labels Jun 15, 2026
@DevanshuTripathi DevanshuTripathi merged commit bd1fdf4 into DevanshuTripathi:main Jun 15, 2026
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gssoc:approved level:intermediate Intermediate issue for slightly experienced devs quality:clean Clean quality type:feature

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat: Add CORS preflight cache via Access-Control-Max-Age header support

2 participants