Ive blogged about CORS, and how this allows you to list sites that are permitted to use scripts to send request to the mqweb server.
I struggled with understanding what value mqRestCorsMaxAgeInSeconds has, as it did not behave as expected (this was due to a bug).
If you have a CORS transaction there is an OPTIONS request, followed by the actual DELETE/GET/POST requests.
The OPTIONS request checks that the request is coming from an authorised list of URLs, and that the parameters are valid. The OPTIONS information can be cached.
If the check is successful then the real request can be issued. If the requests occur in a short time, then you can have OPTIONS, DELETE, DELETE, DELETE, using the cached values. If there is a “long” time interval between the requests you may get OPTIONS, DELETE, gap, OPTIONS, DELETE.
The OPTIONS information can be cached for up to the minimum of the mqweb mqRestCorsMaxAgeInSeconds time, and the browser time.
For Chrome the maximum time interval is 600 seconds. If no time is specified in the OPTIONS response, then 5 seconds is used.
There is a bug in the Liberty base code which sends down the header Access-Control-Allow-Max-Age: …, when the browser is expecting Access-Control-Max-Age. Because of this, the default time of 5 seconds is used in Chrome.
This should not have a major impact. For those applications using scripts to send multiple REST API request, there will be more frequent OPTIONS requests – every 5 seconds instead of up to 600 seconds. These extra flowes are invisible to the scripts and the end user.
What value should I use?
Chrome has a maximum of 600 seconds, with a default of 5 seconds.
Firefox has a maximum of 24 hours (86400 seconds).
Setting it to 600 seconds sounds reasonable to me.
Making changes to mqRestCorsMaxAgeInSeconds
If you change mqRestCorsMaxAgeInSeconds you have to restart the mqweb server.
I do not get caching!
When researching this topic I found every GET request had an OPTIONS request, rather than the OPTIONS, GET, GET. A quick search on the internet showed me the Chrome option ( F1 -> Settings and preferences) “Disable Cache ( while DevTOOLS is open)” was enabled. I deselected this, and I got the caching.