access-control-max-age is ignored
Categories
(Core :: Networking: HTTP, defect, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr78 | --- | unaffected |
| firefox81 | --- | wontfix |
| firefox82 | --- | wontfix |
| firefox83 | --- | verified |
| firefox84 | --- | verified |
People
(Reporter: Kongpheng.Nanthavongsa, Assigned: valentin)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [necko-triaged])
Attachments
(2 files)
|
219.96 KB,
image/png
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
pascalc
:
approval-mozilla-beta+
|
Details | Review |
Screenshot of preflight check for ClientEvent not being cached
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Steps to reproduce:
Go to http://meet.tokbox.com/testing-access-control-max-age
Open network tab so you can inspect API calls
Actual results:
There's a constant stream of preflight checks for "ClientEvent", even though the header access-control-max-age was set to 1728000.
Expected results:
Preflight checks should be cached to the value set by the header access-control-max-age. There should be, at most, only one preflight check for the lifetime set by access-control-max-age.
|
||
Updated•4 years ago
|
|
||
Comment 1•4 years ago
|
||
So, the problem is that we skip the CORS preflight cache at here. The reason is that the CORS request (https://hlg-dev.tokbox.com/qa/logging/ClientEvent) is using POST method and for POST method we set the LOAD_BYPASS_LOCAL_CACHE flag at here.
It seems that what we did in bug 1569715 is not right. Maybe we should not skip CORS preflight cache.
Anne, do you know if the spec describes whether we can bypass the CORS preflight cache?
|
||
Comment 2•4 years ago
|
||
See step 4.1 of https://fetch.spec.whatwg.org/#concept-http-fetch. The preflight cache is always checked.
|
Assignee | |
Comment 3•4 years ago
|
||
(In reply to Anne (:annevk) from comment #2)
See step 4.1 of https://fetch.spec.whatwg.org/#concept-http-fetch. The preflight cache is always checked.
Thanks for the info. Let's back out bug 1569715 for now. Maybe we can find a better way around the CORS preflight cache that works for devtools only.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 4•4 years ago
|
||
|
||
Updated•4 years ago
|
|
||
Comment 6•4 years ago
|
||
| bugherder | ||
|
||
Updated•4 years ago
|
|
|
||
Comment 7•4 years ago
|
||
The patch landed in nightly and beta is affected.
:valentin, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.
For more information, please visit auto_nag documentation.
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 8•4 years ago
|
||
Comment on attachment 9181968 [details]
Bug 1669780 - Backed out changeset 29d1be2b96f9 (Bug 1569715) for causing us to skip CORS preflight cache for POST requests r=#necko
Beta/Release Uplift Approval Request
- User impact if declined: Unnecessary CORS requests will be made for POST requests
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: see comment 0
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This is just a backout with no extra changes.
- String changes made/needed:
|
|
Assignee | |
Updated•4 years ago
|
|
||
Updated•4 years ago
|
|
|
||
Comment 9•4 years ago
|
||
Comment on attachment 9181968 [details]
Bug 1669780 - Backed out changeset 29d1be2b96f9 (Bug 1569715) for causing us to skip CORS preflight cache for POST requests r=#necko
Approved for 83 beta 6, thanks.
|
|
||
Comment 10•4 years ago
|
||
| bugherder uplift | ||
|
||
Comment 11•4 years ago
|
||
Reproduced the initial issue in Beta 83.0b5 and Release 82.0.2 using Windows 10.
Verified - Fixed in latest Nightly 84.0a1 (build id: 20201029040710) and Beta 83.0b6 (build id: 20201028180355), using Windows 10, Ubuntu 18.04 and Mac 10.15.
Description
•