[openstreetmap-website] Turning off caching on /api/ endpoints w/ CORS (#220)
Tom Hughes
notifications at github.com
Mon Mar 25 17:49:27 UTC 2013
So the problem is that the browser makes a CORS enabled request to the API with `Origin: a` and the response has an ETag value is marked as privately cacheable and dependent on the origin (`Vary: Origin`) and has `Access-Control-Allow-Origin: a` to match the request.
When the browser makes the second request it sees the `Vary: Origin` and tries to revalidate using the new `Origin: b` header and the server says `304 nothing changed here` but the browser reuses the old cached `Access-Control-Allow-Origin` rather than the new one the server sent for the new origin.
---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/220#issuecomment-15409176
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20130325/107bb504/attachment.html>
More information about the rails-dev
mailing list