Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hey, I'm trying to follow <https://www.ory.sh/docs/concepts/cache#force-refresh> to force cache refresh and I'm having some issues.

1. using exactly
```ory.toSession(undefined, undefined, {
  headers: {
    "Cache-Control": "max-age=0",
  },
})```
raises an error `Expected 0-2 arguments, but got 3.ts(2554)`

2. using
```ory.toSession(undefined, {
  headers: {
    "Cache-Control": "max-age=0",
  },
})```
seems to work as expected - I can see the cache-control header in the request. But the request results in a CORS error: "Cross-Origin Resource Sharing error: PreflightMissingAllowOriginHeader".

This is for development for now, we're connecting to Ory through the Ory Tunnel.

Would you have any pointers? We have a use-case where we want to set the cache expiration to be a bit more conservative than your defaults, so this would be a pretty useful capability to have.

image.png

Even if trying to connect directly to Ory using `fetch`, setting that extra header seems to be problematic: