Set Access-Control-Max-Age header if configured

Author: lpouwelse

Plugin/CorsHeadersPlugin.php

@@ -71,6 +71,16 @@ protected function getEnableAmp()
             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
     }
 
+    /**
+     * Get the Access-Control-Max-Age
+     * @return string
+     */
+    protected function getMaxAge()
+    {
+        return (int) $this->scopeConfig->getValue('web/corsRequests/max_age',
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
+    }
+
     /**
      * Triggers before original dispatch
      * This method triggers before original \Magento\Webapi\Controller\Rest::dispatch and set version
@@ -92,6 +102,9 @@ public function beforeDispatch(
             if ($this->getEnableAmp()) {
                 $this->response->setHeader('AMP-Access-Control-Allow-Source-Origin', rtrim($originUrl,"/"), true);
             }
+            if ((int)$this->getMaxAge() > 0) {
+                $this->response->setHeader('Access-Control-Max-Age', $this->getMaxAge(), true);
+            }
         }
     }
 

etc/adminhtml/system.xml

@@ -25,6 +25,11 @@
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                     <comment>Enables AMP-Access-Control-Allow-Source-Origin response header for AMP CORS requests</comment>
                 </field>
+                <field id="max_age" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
+                       showInStore="1">
+                    <label>CORS Control Max age</label>
+                    <comment>Enables Access-Control-Max-Age response header for AMP CORS requests (max age in seconds)</comment>
+                </field>
             </group>
         </section>
     </system>