CORS Access-Control-Max-Age缓存了什么 [英] What is cached with CORS Access-Control-Max-Age

问题描述

如果我响应包含access-control-request-method:PUT且其响应标头access-control-allow-origin与原点匹配的cors请求，并且仅access-control-allow-method:PUT和access-control-max-age:7200将被缓存2小时，并且始终仅返回方法PUT或我将如果说下一个请求是access-control-request-method:POST，是否能够仅使用请求的特定方法做出响应?

If I respond to a cors request that includes access-control-request-method:PUT with response header access-control-allow-origin matching the origin and just access-control-allow-method:PUT and access-control-max-age:7200 will that be cached for 2 hours and always return only method PUT or will I be able to respond with just the specific method(s) requested if say the next request was access-control-request-method:POST?

推荐答案

如果我响应包含access-control-request-method:PUT且其响应标头access-control-allow-origin与原点匹配的cors请求，并且仅access-control-allow-method:PUT和access-control-max-age:7200会被缓存2小时

If I respond to a cors request that includes access-control-request-method:PUT with response header access-control-allow-origin matching the origin and just access-control-allow-method:PUT and access-control-max-age:7200 will that be cached for 2 hours

是的，尽管它在Chrome中仅会缓存10分钟-因为

Yes, though in Chrome it’ll be cached for only 10 minutes — because the Chrome sources hardcode an upper limit for it of 600 seconds (10 minutes) no matter what larger value you specify.

并且始终仅返回方法PUT，或者如果说下一个请求是access-control-request-method:POST，我将只能使用所请求的特定方法进行响应吗?

and always return only method PUT or will I be able to respond with just the specific method(s) requested if say the next request was access-control-request-method:POST?

它不会总是只返回PUT；如果下一个请求具有access-control-request-method: POST，则将跳过缓存并向您的服务器发出新请求.

It will not always return only PUT; if the next request has access-control-request-method: POST, then the cache will be skipped and new request will be made to your server.

这符合获取规范(当前定义浏览器行为的规范)中的相关要求CORS协议)；具体来说，浏览器需要按方法缓存预检，并且仅在存在.

That’s per the relevant requirements in the Fetch spec (the spec that currently defines browser behavior for the CORS protocol); specifically, browsers are required to cache preflights per-method, and to only use the cache when there’s a "method cache match".

因此，使用PUT方法的第一个请求将为PUT请求创建一个预检缓存条目，到期时间为Access-Control-Max-Age秒，而使用POST方法的下一个请求将创建一个单独的预检缓存条目用于POST请求，其有效期为Access-Control-Max-Age秒.

So your first request with the PUT method creates one preflight cache entry for PUT requests, with an expiration of Access-Control-Max-Age seconds — and any next request with a POST method would create a separate preflight cache entry for POST requests, with its own expiration of Access-Control-Max-Age seconds.

这篇关于CORS Access-Control-Max-Age缓存了什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！