Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Not invalidating the cache for preflight CORS request #93

Merged
merged 3 commits into from Oct 8, 2015

Conversation

Projects
None yet
2 participants
Contributor

jamesruston commented Dec 9, 2013

When making a CORS (http://www.w3.org/TR/cors/) request, first a preflight OPTIONS request is sent to ensure the request is valid. Once receiving a response from the OPTIONS request the real request is then made (so long as the OPTIONS response confirmed its validity) e.g.

some-origin sends => OPTIONS /foo/bar to some-other-origin
some-origin is allowed access to some-other-origin
some-origin sends => GET /foo/bar to some-other-origin

Currently the OPTIONS request is invalidating the /foo/bar cache and is rendering the cache useless for cross origin requests, such as using an AngularJS front end with a Sinatra JSON API.

I've put together a simple solution which checks for OPTIONS requests before invalidating the cache. The OPTIONS response isn't cached and is always passed.

@grosser grosser merged commit f8a2ac1 into rtomayko:master Oct 8, 2015

Collaborator

grosser commented Oct 8, 2015

manually merged

Collaborator

grosser commented Oct 8, 2015

1.4.0 thx for the patch!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment