Bug 1569715 Comment 14 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

Summary:

1) Valid test case is in comment #5 and I can easily use it to reproduce this issue

2) The `Disable Cache` checkbox should disable any network-related caching in Firefox for this tab (DNS, CORS preflight) as stated in comment #10

3) This needs to be fixed on the platform as stated in comment #9

Preflight responses are not cached in the HTTP cache, so if the HTTP cache is disabled, preflight responses are still returned from sPreflightCache (https://searchfox.org/mozilla-central/rev/7fd1c1c34923ece7ad8c822bee062dd0491d64dc/netwerk/protocol/http/nsCORSListenerProxy.cpp#181). If you really want to skip the cache, we should check the load flags of aRequestChannel in nsCORSListenerProxy::StartCORSPreflight() and not look up the entry if nsIRequest::LOAD_BYPASS_CACHE was specified.

4) There is also bug 1376253 (with a test case available) that reports a missing preflight request. Worth including it in the investigation (to see whether it's related).

Nhi, supporting Firefox security features (including CORS) is increasingly important. Could someone please look into this bug?

Thanks,
Jan

Summary:

1) Valid test case is in comment #5 and I can easily use it to reproduce this issue

2) The `Disable Cache` checkbox should disable any network-related caching in Firefox for this tab (DNS, CORS preflight) as stated in comment #10

3) This needs to be fixed on the platform as stated in comment #9

Preflight responses are not cached in the HTTP cache, so if the HTTP cache is disabled, preflight responses are still returned from sPreflightCache (https://searchfox.org/mozilla-central/rev/7fd1c1c34923ece7ad8c822bee062dd0491d64dc/netwerk/protocol/http/nsCORSListenerProxy.cpp#181). If you really want to skip the cache, we should check the load flags of aRequestChannel in nsCORSListenerProxy::StartCORSPreflight() and not look up the entry if nsIRequest::LOAD_BYPASS_CACHE was specified.

4) There is also bug 1376253 (with a test case available) that reports a missing preflight request. Worth including it in the investigation (to see whether it's related).

5) There is also bug 1528603 (reported in the Networking component) that is very related. It's about viewing and clearing the CORS cache. It also contains a few more links to the platform code base.

Nhi, supporting Firefox security features (including CORS) is increasingly important. Could someone please look into this bug?

Thanks,
Jan
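
The behaviour described in point 3 of the comment above, as a simplified model added here for illustration (not Firefox code and not part of the original comment): a preflight cache kept separately from the HTTP cache, with and without a check of the request's load flags before the lookup. `PreflightModel`, `Request`, `preflightsSeen`, `kLoadBypassCache` and the example origins are hypothetical names; entry expiry and header matching are left out.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <tuple>

// Stand-in for nsIRequest::LOAD_BYPASS_CACHE; the numeric value is arbitrary.
constexpr uint32_t kLoadBypassCache = 1u << 0;

struct Request {
    std::string origin, url, method;
    uint32_t loadFlags;
};

// Toy preflight cache, separate from the HTTP cache (hypothetical model).
class PreflightModel {
public:
    // honourBypass == false models the reported behaviour: flags are ignored.
    explicit PreflightModel(bool honourBypass) : honourBypass_(honourBypass) {}

    // Returns true if an OPTIONS preflight went to the network.
    bool startPreflight(const Request& req) {
        const Key key{req.origin, req.url, req.method};
        const bool bypass =
            honourBypass_ && (req.loadFlags & kLoadBypassCache) != 0;
        if (!bypass && cache_.count(key) != 0) {
            return false;  // answered from the preflight cache, nothing sent
        }
        ++networkPreflights_;
        cache_[key] = true;  // assumption: the server approved the request
        return true;
    }

    int networkPreflights() const { return networkPreflights_; }

private:
    using Key = std::tuple<std::string, std::string, std::string>;
    std::map<Key, bool> cache_;
    bool honourBypass_;
    int networkPreflights_ = 0;
};

// Sends the same cross-origin request n times with the bypass flag set and
// returns how many preflights reached the network (constructed sample input).
int preflightsSeen(bool honourBypass, int n) {
    PreflightModel model(honourBypass);
    const Request req{"https://app.example", "https://api.example/data", "PUT",
                      kLoadBypassCache};
    for (int i = 0; i < n; ++i) model.startPreflight(req);
    return model.networkPreflights();
}
```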
