CORS preflight responses are missing caching headers

[developit]

Describe the bug

When using bugsnag-js, the CORS POST requests sent to https://notify.bugsnag.com are missing the Access-Control-Max-Age response header. Without this, preflight responses are only cached for 5 seconds. There is no reason not to cache these for as long as possible - they are identical requests with no Bugsnag-related auth/parameters/headers.

Bugsnag's HTTP response to a CORS OPTIONS preflight should include Access-Control-Max-Age: 86400. This will allow browsers to skip making repeated identical preflights to get identical responses.

Steps to reproduce

1. Go to any website using bugsnag-js
2. Trigger an error
3. Wait 5 seconds
4. Trigger another error
5. Observe that two identical preflight OPTIONS requests are sent:

Environment

• Bugsnag version: all (this is an issue with Bugsnag's servers)
• Browser framework version: all
• Server framework version: N/A
• Browser version: all browsers
• Device: all devices

[mclack]

Hi @developit

Thanks for raising this. We've added a task to our backlog to look into changing this when priorities allow.

We'll make sure to post any future updates regarding this here.

[mclack]

Hi @developit

We have now set the Access-Control-Max-Age header to 86400 in the bugsnag-js notifier: https://github.com/bugsnag/bugsnag-js/pull/2160

This change is available from v8.1.0 of the notifier: https://github.com/bugsnag/bugsnag-js/releases/tag/v8.1.0

[mclack]

Hi @developit

Please accept our apologies.

This change had to be reverted due to some complications, so this still remains on our backlog.

I'm reopening this issue, and we will make sure to post any further updates regarding this here.