Cache bug on cors-requests?


I have a springboot-backend-api behind cloudflare. It’s configured to cache everything and to respect existing headers.
If I call my endpoints directly everything is fine.
The response header from cloudflare says HIT, my backend-api access-log also confirms that no requests are received.

When my react-app makes a cors-request to the same endpoint something peculiar happens
I still get a HIT from cloudflare, but my backend also receives the request. Cloudflare however is still serving the cached object, ignoring the request it just made.

Is there a reason why cloudflare would “bleed” requests like this on cors-requests?


Solved it.
My preflight response was setting the Access-Control-Max-Age to zero :facepalm:
My bad this one.

closed #3

This topic was automatically closed after 30 days. New replies are no longer allowed.