preflight
Preflighted requests
Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS
method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:
- It uses methods other than
GET, HEAD
orPOST
. Also, ifPOST
is used to send request data with a Content-Type other thanapplication/x-www-form-urlencoded
,multipart/form-data
, ortext/plain
, e.g. if thePOST
request sends an XML payload to the server usingapplication/xml
ortext/xml
, then the request is preflighted. - It sets custom headers in the request (e.g. the request uses a header such as
X-PINGOTHER
)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://91.213.30.153/url?sa=t&rct=j&q=Preflight+Request+server&source=web&cd=1&ved=0CBsQFjAA&url=%68%74%74%70%3a%2f%2f%77%77%77%2e%68%74%6d%6c%35%72%6f%63%6b%73%2e%63%6f%6d%2f%65%6e%2f%74%75%74%6f%72%69%61%6c%73%2f%63%6f%72%73%2f&ei=LysyVczBGKbC7gbQyoGIDw&usg=AFQjCNEqGW6hrCKA6tJWxPT0-r66XZGgeQ&bvm=bv.91071109,d.bGg&cad=rjt
https://spring.io/understanding/CORS