Re: CORS and 304


Why is a 304 being returned for OPTIONS?


On 5 Dec 2013, at 10:36 am, Jonas Sicking <> wrote:

> On Wed, Dec 4, 2013 at 3:24 PM, Hill, Brad <> wrote:
>> We still have the case where the headers indicating validity to the cache may give a longer lifetime than a supplied Access-Control-Max-Age.  In such cases, I would argue that regenerating the Access-Control headers is part of providing correct caching and validity information to the client, and therefore they SHOULD be included with a 304.
> Access-Control-Max-Age only applies to OPTIONS responses which I
> didn't think could ever be cached?
> / Jonas

Mark Nottingham

Received on Wednesday, 4 December 2013 23:38:56 UTC