Not invalidating the cache for preflight CORS request #93
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When making a CORS (http://www.w3.org/TR/cors/) request, first a preflight OPTIONS request is sent to ensure the request is valid. Once receiving a response from the OPTIONS request the real request is then made (so long as the OPTIONS response confirmed its validity) e.g.
some-origin sends => OPTIONS /foo/bar to some-other-origin
some-origin is allowed access to some-other-origin
some-origin sends => GET /foo/bar to some-other-origin
Currently the OPTIONS request is invalidating the /foo/bar cache and is rendering the cache useless for cross origin requests, such as using an AngularJS front end with a Sinatra JSON API.
I've put together a simple solution which checks for OPTIONS requests before invalidating the cache. The OPTIONS response isn't cached and is always passed.