Shih-Min Lee's Personal website

dating, chating, food, games, search

Follow me on GitHub

😳 CORS preflight request

A CORS preflight request is sent prior to the actual request to see if a HTTP method can be understand.

It is an OPTIONS request using two HTTP request headers: Access-Control-Request-Method and Access-Control-Request-Headers, and the Origin header.

A preflight request is automatically issued by a browser when needed, say, when your request is cross origin.

GET/POST requests without any custom headers don’t need a preflight, since these requests were already possible before CORS. But any request with custom headers, or PUT/DELETE requests, do need a preflight because there’s a chance the server is not able to understand them at all.

references:

05 Aug 2017