From 2a66505acacfea19db61697544438896d8c79180 Mon Sep 17 00:00:00 2001
From: Igor Wiedler
Date: Wed, 18 May 2016 12:26:06 +0200
Subject: [PATCH] Set Access-Control-Max-Age header for CORS preflight requests to cache them (refs travis-pro/post-its#169)
---
 lib/travis/api/app/cors.rb | 5 +++++
 spec/unit/cors_spec.rb | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/lib/travis/api/app/cors.rb b/lib/travis/api/app/cors.rb
index cfbe133c..1b93c751 100644
--- a/lib/travis/api/app/cors.rb
+++ b/lib/travis/api/app/cors.rb
@@ -15,6 +15,11 @@ class Travis::Api::App
 options // do
 headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
 headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since, X-User-Agent, Travis-API-Version"
+
+ # cache OPTIONS for 24 hours to avoid excessive preflight requests and speed up access
+ # browsers might still limit this value to 10 minutes, see caveats
+ # http://stackoverflow.com/a/12021982
+ headers['Access-Control-Max-Age'] = "86400"
 end
 end
 end
diff --git a/spec/unit/cors_spec.rb b/spec/unit/cors_spec.rb
index f5c6b0fd..a1e5e994 100644
--- a/spec/unit/cors_spec.rb
+++ b/spec/unit/cors_spec.rb
@@ -46,5 +46,9 @@ describe Travis::Api::App::Cors do
 it 'sets Access-Control-Allow-Headers' do
 headers['Access-Control-Allow-Headers'].should == "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since, X-User-Agent, Travis-API-Version"
 end
+
+ it 'sets Access-Control-Max-Age' do
+ headers['Access-Control-Max-Age'].should == "86400"
+ end
 end
 end
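Review bot: The comment added above `headers['Access-Control-Max-Age'] = "86400"` in the `options` block of lib/travis/api/app/cors.rb gives the performance motive but not the policy side effect. A cached preflight also fixes, for the same period, the `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` values set just above it. If either list is later narrowed, a browser that honours the full value can keep reusing the old preflight result for up to a day, so the server should not rely on the preflight answer alone to enforce the narrower policy. I would add a line such as `# note: a cached preflight also delays any later tightening of Allow-Methods/Allow-Headers by up to this long` and summarise the browser-cap caveat inline rather than leaving it behind a plain-http Stack Overflow link. The enclosing class starts outside the hunk.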