CORS Access-Control-Max-Age is ignored

http http-headers cors same-origin-policy access-control
Roland Schütz picture Roland Schütz · May 8, 2014 · Viewed 20.1k times · Source

I'm hosting an WebApp and his API on different domains and use CORS to be able to work around the same origin policy. So far, so good. This works.

To only send a CORS preflight once per session I set the Access-Control-Max-Age to 20 days, But this is not working (tested in Chrome): https://db.tt/vfIW3fD2

What do I have to change?

Answer

Nej Kutcharian picture Nej Kutcharian · Oct 27, 2016

If you are using Chrome Dev Tools, make sure you have "Disable cache (while DevTools is open)" unchecked. I was having issues with the "Access-Control-Max-Age" not being honored only to realize that I had that option checked.

Related questions

Setting HTTP headers

I'm trying to set a header in my Go web server. I'm using gorilla/mux and net/http packages. I'd like to set Access-Control-Allow-Origin: * to allow cross domain AJAX. Here's my Go code: func saveHandler(w http.ResponseWriter, r *http.…

Read More
Access-Control-Allow-Origin header not working - What am I doing wrong?

I am attempting to provide a response to the HTTP OPTIONS method with an Access-Control-Allow-Origin header copying the contents of the Origin header in the request. This is apparently not working, for reasons I can't figure out. tl;dr: response …

Read More
405 Method Not Allowed despite CORS

I am trying to develop a frontend application using Angular. Since I added the authorization header to the HTTP POST and GET requests, I'm getting 405 Method Not Allowed, although I seemingly allow everything on the server side. The debugger in …

Read More