Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS preflight responses are missing caching headers #2125

Open
developit opened this issue Apr 26, 2024 · 3 comments
Open

CORS preflight responses are missing caching headers #2125

developit opened this issue Apr 26, 2024 · 3 comments
Labels
backlog We hope to fix this feature/bug in the future

Comments

@developit
Copy link

developit commented Apr 26, 2024

Describe the bug

When using bugsnag-js, the CORS POST requests sent to https://notify.bugsnag.com are missing the Access-Control-Max-Age response header. Without this, preflight responses are only cached for 5 seconds. There is no reason not to cache these for as long as possible - they are identical requests with no Bugsnag-related auth/parameters/headers.

Bugsnag's HTTP response to a CORS OPTIONS preflight should include Access-Control-Max-Age: 86400.
This will allow browsers to skip making repeated identical preflights to get identical responses.

Steps to reproduce

  1. Go to any website using bugsnag-js
  2. Trigger an error
  3. Wait 5 seconds
  4. Trigger another error
  5. Observe that two identical preflight OPTIONS requests are sent:

Environment

  • Bugsnag version: all (this is an issue with Bugsnag's servers)
  • Browser framework version: all
  • Server framework version: N/A
  • Browser version: all browsers
  • Device: all devices
@mclack mclack added the backlog We hope to fix this feature/bug in the future label May 8, 2024
@mclack
Copy link
Contributor

mclack commented May 8, 2024

Hi @developit

Thanks for raising this. We've added a task to our backlog to look into changing this when priorities allow.

We'll make sure to post any future updates regarding this here.

@mclack
Copy link
Contributor

mclack commented Oct 24, 2024

Hi @developit

We have now set the Access-Control-Max-Age header to 86400 in the bugsnag-js notifier: #2160

This change is available from v8.1.0 of the notifier: https://github.com/bugsnag/bugsnag-js/releases/tag/v8.1.0

@mclack mclack closed this as completed Oct 24, 2024
@mclack mclack added released This feature/bug fix has been released and removed backlog We hope to fix this feature/bug in the future labels Oct 24, 2024
@mclack
Copy link
Contributor

mclack commented Oct 24, 2024

Hi @developit

Please accept our apologies.

This change had to be reverted due to some complications, so this still remains on our backlog.

I'm reopening this issue, and we will make sure to post any further updates regarding this here.

@mclack mclack reopened this Oct 24, 2024
@mclack mclack added backlog We hope to fix this feature/bug in the future and removed released This feature/bug fix has been released labels Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backlog We hope to fix this feature/bug in the future
Projects
None yet
Development

No branches or pull requests

2 participants