Does a fetch with application/json trigger a preflight?
Yes. application/json is not a 'safe' Content-Type. The browser sends an OPTIONS preflight first. Only form-urlencoded, multipart/form-data, and text/plain are safe.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in CORS: Simple vs Non-Simple Requests
GET, POST, or HEAD with a safe Content-Type (form-urlencoded, multipart, text/plain) and no custom headers. The browser sends it directly without a preflight and checks the response headers.
PUT, DELETE, PATCH, or any request with application/json Content-Type or custom headers (Authorization, X-Custom). These trigger a preflight OPTIONS request before the actual request.
Yes. Authorization is a custom header (not in the CORS-safe list). Any request with an Authorization header triggers a preflight, even a GET.
Still have questions?
Browse all our FAQs or reach out to our support team
