Cache preflight responses (Access-Control-Max-Age) #261
Comments
|
I've implemented it, but reverted it for now. I'm not sure how the caching works when allowing multiple origins. Both Ackee and the recommended nginx config are dynamically changing the origin based on the request. Caching the origin would be problematic in that case. |
|
I looked at the spec:
So Origin is not cached. For spec see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age Note that
(see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#directives) [EDIT] https://runebook.dev/en/docs/http/headers/access-control-max-age States that
|
|
As I understand the result of the preflight request is cached. So the browser has for each origin a list of cached preflight requests so the cached data don't need to contain information about the allow-origin header as only successfull preflights are cached. |
|
I've been sending the preflight cache header from 2b170a4 for half a year now and it works without any issues. |
|
@ThomasOrlita Thanks for letting me know. I've merged the branch. It will be a part of the next release :) |
馃悾 Is your feature request related to a problem? Please describe.
Every time a CORS request to Ackee is sent, it is preceded by a preflight OPTIONS request which allows the website to send the request. However, since no
Access-Control-Max-Ageheader is sent, the preflight request is sent every time.馃挕 Describe the solution you'd like
Send
Access-Control-Max-Agealongside theAccess-Control-Allow-{Origin,Methods,Headers,Credentials}headers. This means the OPTIONS header will have to be sent only once per site and then the browser won't send the preflight request again until the cache expires.The text was updated successfully, but these errors were encountered: