Closed Bug 1385980 Opened 7 years ago Closed 4 years ago

Access-Control-Max-Age value to disable caching

Categories

(Developer Documentation Graveyard :: Protocols, defect, P5)

Product:
Developer Documentation Graveyard
Component:
Protocols
Platform:
All
Other
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: paul.spangler, Unassigned)

References

(
URL
)

Details

:: Developer Documentation Request

      Request Type: Correction
     Gecko Version: unspecified
 Technical Contact: 

:: Details

The current doc for the Access-Control-Max-Age header states that "A value of -1 will disable caching, requiring a preflight OPTIONS check for all calls." However, the header's value is documented to be of type delta-seconds, which is an unsigned integer (1*DIGIT, see [1]).

Additionally, the fetch spec doesn't mention -1 anywhere, but does refer to treating the value as 0 on error [2]. Looking through the Chrome code since that's what I had at hand, it treats -1 as a parse failure and falls back to its own default value (5 seconds) rather than disabling caching. On the other hand, setting Access-Control-Max-Age to 0 appears to actually disable caching.

I think the documentation should say that "A value of 0 will disable caching" instead.

[1] https://tools.ietf.org/html/rfc7234#section-1.2.1
[2] https://fetch.spec.whatwg.org/#cors-preflight-fetch

FWIW there is a WPT test to ensure that max-age=-1 disables caching. It is true that according to the spec the -1 value isn't allowed but still that is something that servers can send browsers, so it's good to agree among browsers how it should be handled.

MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.