Time interval between two CORS requests using jquery ajax
I am making a CORS request to a web service using jQuery $.ajax
. According to the standard, there is a pre-flight request and then an actual POST request.
I noticed that there are two requests every time I try to make a web service call (one preflight and one actual POST request). If there is a time gap between two requests.
If I continue to consistently call the web service without any time interval (e.g. less than 1 second between two requests) then there is not enough before the flight.
How can I avoid this pre-flight request every time?
What is this time span?
Is this something special for the Chrome browser?
source to share
There are differences between browsers in how they implement pre-flight caching. Unfortunately, the W3C spec by itself does not explain the nuances that you observed in caching before flying.
For others reading this question, I would like to explain, when the OP talks about a pre-flight request, he is referring to a request OPTIONS
that precedes the cross-origin request POST
. The request is OPTIONS
used to query the API and determine which HTTP methods are valid for cross-origin requests. Typically, you would expect to see this type of request response OPTIONS
:
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT
Since you are working with Google Chrome , I refer you to the relevant section of the Webkit source code :
The default cache timeout is 5 seconds by default:
static const auto defaultPreflightCacheTimeout = std::chrono::seconds(5);
The maximum value is 5 minutes:
static const auto maxPreflightCacheTimeout = std::chrono::seconds(600);
The server can specify a timeout value for preflight requests using a field in the response header, but the Webkit browser provides a maximum timeout of 5 minutes. Access-Control-Max-Age
To answer your questions:
How can I avoid this pre-flight request every time?
You need to set it Access-Control-Max-Age
to 600 in the API response header for the request OPTIONS
.
What is this time frame?
For Webkit browsers (i.e. Google Chrome) the default timeout value is 5 seconds . This is why you see a pre-flight request before every POST request, but if you send POST requests quickly then you don't see any additional pre-flight requests.
Is this something special for the Chrome browser?
Yes , there are differences between browsers in how pre-flight caching is done. The W3C specification does not specify everything that is needed to create pre-flight caching functionality in a web browser.
source to share
The browser will not fulfill the presale request if the following two situations are true:
- There is either a method cache match for the request method, or it is a simple method and the preflight strength flag is not set.
- For each author request headers header, there is either a header cache match for the field name, or a simple header.
This link shows user agent (browser) responsibilities using CORS: http://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0
Otherwise, you shouldn't worry about it. The browser implementation will be correct.
source to share