From 352db1b69098ac2a13cbf08be293c6da824eee9a Mon Sep 17 00:00:00 2001
From: Robert Pirtle <astropirtle@gmail.com>
Date: Tue, 31 Oct 2023 17:02:40 -0700
Subject: [PATCH] fix: add CORs headers to cache hit responses

---
 main_test.go          | 4 ++++
 service/middleware.go | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/main_test.go b/main_test.go
index 6422fcc..4a70959 100644
--- a/main_test.go
+++ b/main_test.go
@@ -500,6 +500,10 @@ func TestE2ETestCachingMdwWithBlockNumberParam(t *testing.T) {
 			expectKeysNum(t, redisClient, tc.keysNum)
 			containsKey(t, redisClient, expectedKey)
 
+			// verify expected CORs headers added on cache hit
+			require.Equal(t, "*", resp2.Header.Get("Access-Control-Allow-Origin"))
+			require.Equal(t, "Content-Length", resp2.Header.Get("Access-Control-Expose-Headers"))
+
 			require.JSONEq(t, string(body1), string(body2), "blocks should be the same")
 		})
 	}
diff --git a/service/middleware.go b/service/middleware.go
index b673729..bd3611c 100644
--- a/service/middleware.go
+++ b/service/middleware.go
@@ -250,6 +250,11 @@ func createProxyRequestMiddleware(next http.Handler, config config.Config, servi
 
 				w.Header().Add(cachemdw.CacheHeaderKey, cachemdw.CacheHitHeaderValue)
 				w.Header().Add("Content-Type", "application/json")
+
+				// TODO: response headers should probably be cached with the original response
+				w.Header().Add("Access-Control-Allow-Origin", "*")
+				w.Header().Add("Access-Control-Expose-Headers", "Content-Length")
+
 				_, err := w.Write(typedCachedResponse)
 				if err != nil {
 					serviceLogger.Logger.Error().Msg(fmt.Sprintf("can't write cached response: %v", err))