Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent CORS preflight of GET requests #111

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Prevent CORS preflight of GET requests #111

wants to merge 2 commits into from

Conversation

brianhelba
Copy link
Member

HTTP GET requests ideally shouldn't require CORS preflighting, which has the effect of doubling the effective latency of every request (as an OPTIONS request will be made prior to every request). Normally, GET requests don't require preflighting, but adding Content-Type: application/json triggers preflighting. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests for a list of conditions which trigger preflighting.

GET requests have no body, so a Content-Type header is pointless anyway.

@brianhelba
Prevent CORS preflight of GET requests
444a637 
HTTP GET requests ideally shouldn't require CORS
preflighting, which has the effect of doubling the effective
latency of every request (as an OPTIONS request will be made
prior to every request). Normally, GET requests don't require
preflighting, but adding `Content-Type: application/json`
triggers preflighting.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests
for a list of conditions which trigger preflighting.

GET requests have no body, so a `Content-Type` header is
pointless anyway.
@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Dec 19, 2024
edited
Loading

Deploying isic-display-ui with  Cloudflare Pages  Cloudflare Pages

Latest commit: 5a87dff
Status: ✅  Deploy successful!
Preview URL: https://ebf722ef.isic-display-ui.pages.dev
Branch Preview URL: https://cors-get.isic-display-ui.pages.dev

View logs

@brianhelba
Copy link
Member Author

@volishevko Could you review this change? I'm hoping it will improve the performance of the Gallery.

If you approve, please ensure that it's also upstreamed into any other internal code repos you have (so it doesn't get overwritten by future PRs).

@brianhelba
Copy link
Member Author

brianhelba commented Dec 19, 2024
edited
Loading

To clarify, this change will only affect unauthenticated requests (which are still the majority of our users). For authenticated users, the Authorization header will be present, which will trigger preflighting.

However, we may soon addAccess-Control-Max-Age headers to the server, which will allowing caching of preflight requests.

volishevko
volishevko approved these changes Dec 26, 2024
View reviewed changes
Copy link
Contributor

@volishevko volishevko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in case API returns "application/json", I don't see any problem to remove this header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@volishevko volishevko volishevko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brianhelba @volishevko