CORS – How do ‘preflight’ an httprequest?

by

During the preflight request, you should see the following two headers: Access-Control-Request-Method and Access-Control-Request-Headers. These request headers are asking the server for permissions to make the actual request. Your preflight response needs to acknowledge these headers in order for the actual request to work.

For example, suppose the browser makes a request with the following headers:

Origin: http://yourdomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-Custom-Header

Your server should then respond with the following headers:

Access-Control-Allow-Origin: http://yourdomain.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Custom-Header

Pay special attention to the Access-Control-Allow-Headers response header. The value of this header should be the same headers in the Access-Control-Request-Headers request header, and it can not be ‘*’.

Once you send this response to the preflight request, the browser will make the actual request. You can learn more about CORS here: http://www.html5rocks.com/en/tutorials/cors/

More Related Contents:

  1. Why does my JavaScript code receive a “No ‘Access-Control-Allow-Origin’ header is present on the requested resource” error, while Postman does not?
  2. “Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
  3. jQuery XML error ‘ No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’
  4. how to bypass Access-Control-Allow-Origin?
  5. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  6. No ‘Access-Control-Allow-Origin’ header is present on the requested resource error
  7. A CORS POST request works from plain JavaScript, but why not with jQuery?
  8. Cross-Origin Read Blocking (CORB)
  9. How do CORS and Access-Control-Allow-Headers work?
  10. Cross-origin resource sharing (CORS) concept
  11. CORS not working on Chrome
  12. Getting Spotify API access token from frontend JavaScript code
  13. Does Wikipedia API support CORS or only JSONP available?
  14. Google’s Places API and JQuery request – Origin http://localhost is not allowed by Access-Control-Allow-Origin
  15. CORS error with jquery
  16. .val() don't edit input
  17. Origin null is not allowed by Access-Control-Allow-Origin
  18. How to debug JavaScript / jQuery event bindings with Firebug or similar tools?
  19. Generating non-repeating random numbers in JS
  20. What is the meaning of symbol $ in jQuery?
  21. HTML5 Local Storage fallback solutions [closed]
  22. Multiple ajax calls inside a each() function.. then do something once ALL of them are finished?
  23. jQuery iframe file upload
  24. Disabling browser tooltips on links and s
  25. Toggle visibility property of div
  26. Javascript change event on input element fires on only losing focus
  27. How to remove all click event handlers using jQuery?
  28. Catch scrolling event on overflow:hidden element
  29. How to add a onclick event to an element using javascript
  30. How to force input to only allow Alpha Letters?

Leave a Comment