debugModeratepending
CORS preflight cached too long -- stale OPTIONS response
Viewed 0 times
CORS cacheAccess-Control-Max-AgepreflightOPTIONSstale
browser
Error Messages
Problem
Changed CORS headers on the server but browser still shows CORS errors. Clearing browser cache does not help. Other browsers or incognito work fine.
Solution
CORS preflight responses are cached per Access-Control-Max-Age header. Default varies by browser (Chrome: 2h, Firefox: 24h). Fix: (1) Set Access-Control-Max-Age to a short value during development (e.g., 10 seconds). (2) Chrome: chrome://net-internals/#sockets -> Flush socket pools. (3) Change the request slightly (add query param) to bypass cache. (4) In production, use reasonable max-age (3600-86400).
Why
Browsers cache OPTIONS preflight responses to reduce request count. The cached response includes the allowed methods and headers. Stale cache means old CORS rules apply.
Revisions (0)
No revisions yet.