- From: David Alberto Adler <notifications@github.com>
- Date: Wed, 04 Aug 2021 08:15:10 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/1278@github.com>
Reproduce
**Expected behaviour**
Access-Control-Max-Age: 10s header should cache preflight requests for 10s.
**Reproduce**
Response headers:
```
"Access-Control-Allow-Methods": "*",
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Origin": "*",
"Access-Control-Max-Age": "10"
```
Execute a few fetch requests from a _different_ origin:
```js
const url = "https://prairie-bright-earl.glitch.me/";
const opts = {
  headers: {
    "Content-Type": "application/json",
    Authorization: "asdf",
  },
  method: "POST",
  body: JSON.stringify({ message: "ping" }),
};
fetch(url, opts);
```
Observe that:
- Every single request produces a preflight request.
- Removing the Authorization header results in the max-age being respected.
- Adding request header: `credentials: include` and response headers `Headers: Authorization, Content-Type`
and `Origin: ${origin}` results in the `max-age: 10` being respected.
Links to minimal failing demo:
- Server code: https://glitch.com/edit/#!/prairie-bright-earl?path=server.js%3A22%3A0
- Client code: https://jsbin.com/dejetem/16/edit?js,console
Reading the spec
**Disclaimer:** I am a spec issue contributor virgin. 👋
--
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1278
Received on Wednesday, 4 August 2021 15:15:22 UTC
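
The third observation in the report (explicit header list plus an echoed origin) can be sketched as a server-side preflight handler. This is an added example, not part of the original message or the linked Glitch server. In the Fetch standard `Authorization` is a CORS non-wildcard request-header name, so `*` in `Access-Control-Allow-Headers` does not cover it. The helper names, the origin allowlist and the 403 refusal are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGINS is a constructed sample allowlist;
// preflightHeaders/handlePreflight are hypothetical helper names.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);
const ALLOWED_METHODS = ["POST"];
const ALLOWED_HEADERS = ["authorization", "content-type"]; // listed explicitly, no "*"
const MAX_AGE_SECONDS = 10; // same value as in the report

// Build the response headers for an OPTIONS preflight, or return null to refuse.
// reqHeaders uses lowercase keys, as Node's http module provides them.
function preflightHeaders(reqHeaders) {
  const origin = reqHeaders["origin"];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return null;

  const method = (reqHeaders["access-control-request-method"] || "").toUpperCase();
  if (!ALLOWED_METHODS.includes(method)) return null;

  const requested = (reqHeaders["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => ALLOWED_HEADERS.includes(h))) return null;

  return {
    // Echo only allowlisted origins; "*" is not usable with credentials.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
    "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
    "Access-Control-Max-Age": String(MAX_AGE_SECONDS),
    // The response differs per origin, so shared caches must key on it.
    "Vary": "Origin",
  };
}

// Answer a preflight on a Node-style (req, res) pair.
// Returns true when the preflight was accepted.
function handlePreflight(req, res) {
  const headers = preflightHeaders(req.headers);
  res.writeHead(headers ? 204 : 403, headers || {});
  res.end();
  return headers !== null;
}
```
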