CORS preflight responses are missing caching headers
developit opened this issue · 3 comments
Describe the bug
When using bugsnag-js, the CORS POST requests sent to https://notify.bugsnag.com are missing the Access-Control-Max-Age response header. Without this, preflight responses are only cached for 5 seconds. There is no reason not to cache these for as long as possible - they are identical requests with no Bugsnag-related auth/parameters/headers.
Bugsnag's HTTP response to a CORS OPTIONS preflight should include Access-Control-Max-Age: 86400.
This will allow browsers to skip making repeated identical preflights to get identical responses.
Steps to reproduce
- Go to any website using bugsnag-js
- Trigger an error
- Wait 5 seconds
- Trigger another error
- Observe that two identical preflight OPTIONS requests are sent:
Environment
- Bugsnag version: all (this is an issue with Bugsnag's servers)
- Browser framework version: all
- Server framework version: N/A
- Browser version: all browsers
- Device: all devices
Hi @developit
Thanks for raising this. We've added a task to our backlog to look into changing this when priorities allow.
We'll make sure to post any future updates regarding this here.