Reputation: 4249
Repeated OPTIONS requests for cors / ajax requests
On my site I have an auto-suggest text input that suggests results as the user types. The results are provided by a AJAX calls to an API on a different domain. This means I have to use CORS to allow the requests.
It is all working quite well, but every time the user types a new character, the browser sends a new OPTIONS request to ensure it is authorized.
Is there a way around all these repeated options requests?
My php script receiving the requests has
header("Access-Control-Allow-Origin: http://consent.example.com");
and the requests are all originating from consent.example.com. To be clear, the authorization works just fine, and the request completes successfully, but I don't know why it needs to keep making options calls. It would make sense to me that the browser would cache this.
Upvotes: 2
Views: 328
Answers (1)
Reputation: 115980
According to RFC 2616 ("Hypertext Transfer Protocol -- HTTP/1.1"), section 9.2:
9.2 OPTIONS
...
Responses to this method are not cacheable.
The HTTP spec explicitly disallows caching OPTIONS responses.
It is worth noting that the GET responses do not employ caching either (I see that customers?search=alex is 200 each time). This is simply because the server chooses not to send 304 responses for that request, or your browser doesn't let the server know it has a cached copy, by an If-Modified-Since or If-None-Match request header.
Upvotes: 1
Related Questions
- CORS jQuery AJAX request
- Very confused by cors with fetch and when an options request is made
- Apache / PHP and dynamic CORS
- Preflight, or CORS error, on every request
- Inconsistent AJAX Preflight OPTIONS Requests
- jQuery AJAX CORS request / Content-Type / OPTIONS
- CORS ajax request clarification
- CORS Request with jQuery Ajax & PHP
- Why multiple OPTIONS request are sent, even if Access-Control-Allow-Origin is set to *?
- jQuery CORS turns GET into OPTIONS call