Performance regression due to CORS preflight request #1609
Description
New Issue Checklist
- I am not disclosing a vulnerability.
- I am not just asking a question.
- I have searched through existing issues.
- I can reproduce the issue with the latest versions of Parse Server and the Parse JS SDK.
Issue Description
When connecting to a different origin in the browser environment, CORS requires a preflight request except for specific cases. This preflight request adds overhead and latency, especially for the first request.
Starting with v2.13.0, most Parse JS SDK operations began triggering the need for a preflight request when previously no preflight request was being made, which is a performance regression.
This is due to the addition of a progress listener on upload for all XHR requests with RESTController: #1133 . This listener triggers the need for a preflight request: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/upload#sect1
Note: Attaching event listeners to this object prevents the request from being a "simple request" and will cause a preflight request to be issued if cross-origin; see CORS.
While this upload progress listener is useful in cases where a progress callback is being used, it should not be set when no progress callback is provided to avoid the performance issue.
Steps to reproduce
- Set
Parse.serverURLto a different origin - Call a Cloud Function or perform any query
Actual Outcome
- A CORS preflight request is made by the browser with method
OPTIONSbefore making the actual request
Expected Outcome
- No CORS preflight request is made
Environment
Server
- Parse Server version: 4.10.20
- Operating system: macOS
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): Local
Database
- System (MongoDB or Postgres): MongoDB
- Database version: 4.4
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): Local
Client
- Parse JS SDK version: 3.5.0