Facebook Pixel

When does a CORS preflight request happen?

When the request is not 'simple': methods other than GET/POST/HEAD (PUT, DELETE, PATCH), custom headers (Authorization, X-Custom), or Content-Type application/json. Simple requests (GET, POST with form data) do not trigger a preflight.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in CORS Preflight Requests Explained

An HTTP OPTIONS request that the browser sends before the actual request, to check if the server allows it. It includes Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with the allowed methods, headers, and origins.

OPTIONS. The browser sends an OPTIONS request with Access-Control-Request-Method and Access-Control-Request-Headers. The server responds with 204 No Content and the CORS headers.

A header that tells the browser how long (in seconds) to cache the preflight result. Within this period, subsequent requests to the same URL do not trigger a new preflight. Common values: 3600 (1 hour).

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.