Bug 236837 - Non-simple CORS preflight fails due to cache-control header
Summary: Non-simple CORS preflight fails due to cache-control header
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Service Workers (show other bugs)
Version: Safari 15
Hardware: All Unspecified
: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
: 236973 (view as bug list)
Depends on:
Blocks:
 
Reported: 2022-02-18 06:41 PST by Kevin Twesten
Modified: 2022-03-10 05:13 PST (History)
4 users (show)

See Also:


Attachments
Patch (4.70 KB, patch)
2022-02-24 00:49 PST, youenn fablet
no flags Details | Formatted Diff | Diff
Patch (6.42 KB, patch)
2022-02-24 05:43 PST, youenn fablet
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Kevin Twesten 2022-02-18 06:41:11 PST
When sending a non-simple CORS request (e.g. some JSON via sendBeacon), a "cache-control" header is added to the preflight request when it is fetched by a Service Worker.
Since this is unexpected for most of the servers, the sendBeacon request fails in that case.

I implemented a simple test page that reproduces the issue here: https://falling-bolt-17.app.baqend.com/
The test page registers a simple Service Worker which listens to fetch requests and tries to fetch them.
It also includes the following script tag that sends the beacon request:
	<script>
		// dummy data
		var data = '{"currency":"EUR","is_logged_in":false,"producer_properties":{"common":{"sent_by":"","timestamp":"2022-02-15T07:02:51.078Z","producer_id":"","tracking_method":"collector","application_version":""},"web_frontend":{"platform":"desktop","user_agent":"","view_id":"","container_name":"","visitor_id":"","domain":"","url":"","referrer_url":""}}}';
		// create blob with data for beachon
		var blob = new Blob([data], { type: 'application/vnd.gyg.v2+json' });
		// send beacon request
		navigator.sendBeacon('https://collector.getyourguide.com/track/HomePageRequest', blob);
	</script>

Ways to reproduce:
1. Go to https://falling-bolt-17.app.baqend.com/
2. Open JavaScript console
3. Refresh the page
4. Check the request headers of the 'HomePageRequest' request on the network tab and notice that it failed and that a "cache-control" header with the value "max-age=0" was added 

The error can also be seen in the Service Worker console (Develop -> Service Workers).


Is there any fix for this issue?
Comment 1 Radar WebKit Bug Importer 2022-02-23 15:42:40 PST
<rdar://problem/89382796>
Comment 2 youenn fablet 2022-02-24 00:49:24 PST
Created attachment 453082 [details]
Patch
Comment 3 youenn fablet 2022-02-24 05:43:47 PST
Created attachment 453096 [details]
Patch
Comment 4 EWS 2022-02-25 07:51:17 PST
Committed r290507 (247792@main): <https://commits.webkit.org/247792@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 453096 [details].
Comment 5 youenn fablet 2022-03-10 05:13:09 PST
*** Bug 236973 has been marked as a duplicate of this bug. ***