Chapter 4. Handling preflight requests

This chapter covers

What a CORS preflight is
How to respond to a CORS preflight
How the preflight cache works

The previous chapter showed how to respond to CORS requests by using the Access-Control-Allow-Origin header. While this header is required on all valid CORS responses, there are some cases where the Access-Control-Allow-Origin header alone isn’t enough. Certain types of requests, such as DELETE or PUT, need to go a step further and ask for the server’s permission before making the actual request.

The browser asks for permissions by using what is called a preflight request. A preflight request is a small request that is sent by the browser before the actual request. It contains information ...

Get CORS in Action now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CORS in Action by Monsur Hossain

Chapter 4. Handling preflight requests

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly