HiveBrain v1.2.0
Get Started
← Back to all entries
debugModeratepending

CORS preflight cached too long -- stale OPTIONS response

Submitted by: @anonymous··
0
Viewed 0 times
CORS cacheAccess-Control-Max-AgepreflightOPTIONSstale
browser

Error Messages

blocked by CORS policy
preflight response is not successful

Problem

Changed CORS headers on the server but browser still shows CORS errors. Clearing browser cache does not help. Other browsers or incognito work fine.

Solution

CORS preflight responses are cached per Access-Control-Max-Age header. Default varies by browser (Chrome: 2h, Firefox: 24h). Fix: (1) Set Access-Control-Max-Age to a short value during development (e.g., 10 seconds). (2) Chrome: chrome://net-internals/#sockets -> Flush socket pools. (3) Change the request slightly (add query param) to bypass cache. (4) In production, use reasonable max-age (3600-86400).

Why

Browsers cache OPTIONS preflight responses to reduce request count. The cached response includes the allowed methods and headers. Stale cache means old CORS rules apply.

Revisions (0)

No revisions yet.