Access-Control-Max-Age is never honoured

[fikriauliya]

I have a fetch with CORS, with some custom HTTP headers. Due to that, preflight OPTION fetch is required before the actual fetch.

In the return of that preflight, I have set the Access-Control-Max-Age (https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS). However, in the subsequence fetch, preflight OPTION fetch are still happening. In fact, no fetch happens without preflight.

I have checked the answers from http://stackoverflow.com/questions/23543719/cors-access-control-max-age-is-ignored, seems not related to my case.

Is it possible that within fetch module itself, the preflight fetch is always invoked regardless the Access-Control-Max-Age?

[fikriauliya]

Solved. It turns out preflight cache is per URL, not per domain 😞 .

"In order to reduce the number of preflight requests, CORS has the concept of a preflight cache. However the preflight information is cached for an origin/url pair. That means each unique url has its own preflight cache. An API with the same preflight response across all urls will still receive a preflight request for each unique request."

http://monsur.hossa.in/2012/09/07/thoughts-on-the-cors-preflight-cache.html