Tuesday, September 24, 2019

Pre-flight Request:

  It's an OPTIONS- request  sent to determine whether the target of the request (Server) supports the request.

Sending pre-flight requests is the first step in CORS(Cross Origin Resourse Sharing) mechanism.

Before sending the actual request, the application sends a pre-flight request to the server.
The server can then respond to the pre-flight request with a collection of headers:


  • Access-Control-Allow-Origin:    Defines which origins may have access to the resource. A '*' represents any origin.



  • Access-Control-Allow-Methods:     Indicates the allowed HTTP methods for cross-origin requests



  • Access-Control-Allow-Headers:     Indicates the allowed request headers for cross-origin requests



  • Access-Control-Max-Age:     Defines the expiration time of the result of the cached preflight request


    So, if the pre-flight request doesn't meet the conditions determined from these response headers, the actual follow-up request will throw errors related to the cross-origin request ( Most probably error 401).

No comments:

Post a Comment

Send Emails without a server-side code with Angular

Without any server-side code hosted on a server, you can send emails through your Angular application with smtpJS, a client-side Javasc...