Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OPTIONS request makes application 2x slower?

Tags:

cors

single-page-application

api

I have very intensive single-page application that is using API. Let's say application is located at application.com. Now if I place API in api.application.com it will enable CORS thus all browsers will do OPTIONS request before the actual request.

Does this makes my application 2x slower?

like image 947
Stan Avatar asked Jul 11 '14 18:07

Stan

People also ask

Why does browser make options request?

This pre-flight request is made by some browsers as a safety measure to ensure that the request being done is trusted by the server. Meaning the server understands that the method, origin and headers being sent on the request are safe to act upon.

How can we avoid preflight requests?

Another way to avoid Preflight requests is to use simple requests. Preflight requests are not mandatory for simple requests, and according to w3c CORS specification, we can label HTTP requests as simple requests if they meet the following conditions. Request method should be GET , POST , or HEAD .

What is Preflight options request?

A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers. It is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method , Access-Control-Request-Headers , and the Origin header.

Why is there an options request before post?

Prevent sending the post data, if it wont be processed This is the only reason what is valid. Using options request will prevent sending the post data to the server unnecessarily.

1 Answers

It probably won't make your entire application 2x slower. It will sometimes issue 2 http requests when you might expect one. But your app is probably more than just HTTP requests, so you'd have to measure the performance of your app as a whole.

The conditions for the browser issuing a preflight are:

  • The HTTP method is not a simple method (GET, HEAD, POST), or
  • There are HTTP headers other than Accept, Accept-Language, Content-Language or Content-Type (but only if the Content-Type value is not application/x-www-form-urlencoded, multipart/form-data, or text/plain)

If your HTTP request doesn't meet those criteria, it will not issue a preflight. The preflight is a small OPTIONS request without a body, so it should be fast (depending on your connection speed). And once you issue a preflight, its results are cached for a period of time (the cache time varies by browser. Chrome/Safari do 5 minutes, FF does 24 hours).

If you are interested in tips for reducing preflights, see this answer: How to apply CORS preflight cache to an entire domain

like image 52
monsur Avatar answered Sep 21 '22 16:09

monsur
Sign in to Comment

Related questions

The concept of CORS and should I enforce an Origin header?
GSSendEvent - Inject Touch Event iOS
Google Maps API custom Street View quality issue
How to search for tracks using the soundcloud Sdk iOS
SSL Certificates for just API or do clients need them to?
Youtube API get unlisted videos
Is a node.js app that both servs a rest-api and handles web sockets a good idea?
Are there a RSS like standard format for distributed (forum like) communication?
Accessing API via WebSockets using Python
RAML : How to require parameter A OR parameter B
Binance "Event Time" vs "Trade time"
REST API: Simple token-based authentication - security?
Creating API versioning for my php application (Social App)
How to remove xmlns attribute with .NET XML API
Gmail Contact api
What is the difference between this two Google Maps Geocoding API URL?
Windows aero peek API
How can I test the backward compatibility of API between .net assemblies
Difference between using GetterUtils and ParamUtils
Why both Files.exists(…) and Files.notExists(…)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!