CORS Access-Control-Max-Age缓存了什么 [英] What is cached with CORS Access-Control-Max-Age
问题描述
如果我响应包含access-control-request-method:PUT
且其响应标头access-control-allow-origin
与原点匹配的cors请求,并且仅access-control-allow-method:PUT
和access-control-max-age:7200
将被缓存2小时,并且始终仅返回方法PUT或我将如果说下一个请求是access-control-request-method:POST,是否能够仅使用请求的特定方法做出响应?
If I respond to a cors request that includes access-control-request-method:PUT
with response header access-control-allow-origin
matching the origin and just access-control-allow-method:PUT
and access-control-max-age:7200
will that be cached for 2 hours and always return only method PUT or will I be able to respond with just the specific method(s) requested if say the next request was access-control-request-method:POST?
推荐答案
如果我响应包含
access-control-request-method:PUT
且其响应标头access-control-allow-origin
与原点匹配的cors请求,并且仅access-control-allow-method:PUT
和access-control-max-age:7200
会被缓存2小时
If I respond to a cors request that includes
access-control-request-method:PUT
with response headeraccess-control-allow-origin
matching the origin and justaccess-control-allow-method:PUT
andaccess-control-max-age:7200
will that be cached for 2 hours
Yes, though in Chrome it’ll be cached for only 10 minutes — because the Chrome sources hardcode an upper limit for it of 600 seconds (10 minutes) no matter what larger value you specify.
并且始终仅返回方法PUT,或者如果说下一个请求是access-control-request-method:POST,我将只能使用所请求的特定方法进行响应吗?
and always return only method PUT or will I be able to respond with just the specific method(s) requested if say the next request was access-control-request-method:POST?
它不会总是只返回PUT
;如果下一个请求具有access-control-request-method: POST
,则将跳过缓存并向您的服务器发出新请求.
It will not always return only PUT
; if the next request has access-control-request-method: POST
, then the cache will be skipped and new request will be made to your server.
这符合获取规范(当前定义浏览器行为的规范)中的相关要求CORS协议);具体来说,浏览器需要按方法缓存预检,并且仅在存在.
That’s per the relevant requirements in the Fetch spec (the spec that currently defines browser behavior for the CORS protocol); specifically, browsers are required to cache preflights per-method, and to only use the cache when there’s a "method cache match".
因此,使用PUT
方法的第一个请求将为PUT
请求创建一个预检缓存条目,到期时间为Access-Control-Max-Age
秒,而使用POST
方法的下一个请求将创建一个单独的预检缓存条目用于POST
请求,其有效期为Access-Control-Max-Age
秒.
So your first request with the PUT
method creates one preflight cache entry for PUT
requests, with an expiration of Access-Control-Max-Age
seconds — and any next request with a POST
method would create a separate preflight cache entry for POST
requests, with its own expiration of Access-Control-Max-Age
seconds.
这篇关于CORS Access-Control-Max-Age缓存了什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!