[Webkit-unassigned] [Bug 236837] New: Non-simple CORS preflight fails due to cache-control header

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 18 06:41:11 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=236837

            Bug ID: 236837
           Summary: Non-simple CORS preflight fails due to cache-control
                    header
           Product: WebKit
           Version: Safari 15
          Hardware: All
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Service Workers
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: kt at baqend.com

When sending a non-simple CORS request (e.g. some JSON via sendBeacon), a "cache-control" header is added to the preflight request when it is fetched by a Service Worker.
Since this is unexpected for most of the servers, the sendBeacon request fails in that case.

I implemented a simple test page that reproduces the issue here: https://falling-bolt-17.app.baqend.com/
The test page registers a simple Service Worker which listens to fetch requests and tries to fetch them.
It also includes the following script tag that sends the beacon request:
        <script>
                // dummy data
                var data = '{"currency":"EUR","is_logged_in":false,"producer_properties":{"common":{"sent_by":"","timestamp":"2022-02-15T07:02:51.078Z","producer_id":"","tracking_method":"collector","application_version":""},"web_frontend":{"platform":"desktop","user_agent":"","view_id":"","container_name":"","visitor_id":"","domain":"","url":"","referrer_url":""}}}';
                // create blob with data for beachon
                var blob = new Blob([data], { type: 'application/vnd.gyg.v2+json' });
                // send beacon request
                navigator.sendBeacon('https://collector.getyourguide.com/track/HomePageRequest', blob);
        </script>

Ways to reproduce:
1. Go to https://falling-bolt-17.app.baqend.com/
2. Open JavaScript console
3. Refresh the page
4. Check the request headers of the 'HomePageRequest' request on the network tab and notice that it failed and that a "cache-control" header with the value "max-age=0" was added 

The error can also be seen in the Service Worker console (Develop -> Service Workers).


Is there any fix for this issue?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220218/5dfdfcf8/attachment.htm>

More information about the webkit-unassigned mailing list