 

(CORS) How does the browser know when to do a pre-flight request

So I have been using CORS for a short time now, and I just read up on how it works behind the scenes.

My question is how does the browser know when to do a pre-flight request?

There is no issue involved right now, as the browser seems to be working fine; I am just a little bit curious, because when I make the request, I am not giving it any information on whether or not it is CORS, yet it still knows to do a pre-flight.

Qasim Ahmed asked Jun 17 '15 17:06


People also ask

What triggers a pre flight request?

A preflight request is a small request that is sent by the browser before the actual request. It contains information like which HTTP method is used, as well as if any custom HTTP headers are present. The preflight gives the server a chance to examine what the actual request will look like before it's made.

How does a web server detect whether a request is a preflight request?

The preflight isn't the request itself. Instead, it contains metadata about it, such as which HTTP method is used and if the client added additional request headers. The server inspects this metadata to decide whether the browser is allowed to send the request.

How does Web API handle preflight requests?

You can add a handler to deal with this type of request. Later, in WebApiconfig.cs, in the Register method, add this: public static void Register(HttpConfiguration config) { // Define and add values to variables: origins, headers, methods (can be global) // Enable global CORS config.

How do you know if you have a preflight request?

Check for these essential pieces of information in a preflight request: the request's HTTP method is OPTIONS; it has an Origin header; it has an Access-Control-Request-Method header, indicating the actual method it is trying to use to consume your service/resource.


1 Answer

The browser will send a preflight request if:

  • You add custom headers to your request
  • You use a method other than GET, HEAD or POST
  • You use POST with an unusual Content-Type.

More details here: HTTP access control (CORS), Preflighted requests

RichieHindle answered Nov 10 '22 18:11
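
The three conditions in the answer above, written out as a check (an added example, not part of the original answer or any browser's code). The function names, origins and sample requests are made up for illustration; the safelists follow the Fetch standard's CORS rules in simplified form, and the sketch also covers the case the answer leaves implicit: same-origin requests are never preflighted.

```javascript
// Added example: approximates the browser's preflight decision.
// Simplified: header value length limits, the Range header and XHR upload
// listeners (which also affect the decision) are not modelled.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// pageOrigin: origin of the calling page (hypothetical, e.g. "https://app.example")
// request: { url, method, headers } describing the call a script is about to make
function preflightReasons(pageOrigin, request) {
  const target = new URL(request.url, pageOrigin);
  // Same-origin requests are never preflighted, whatever they contain.
  if (target.origin === new URL(pageOrigin).origin) return [];

  const reasons = [];
  const method = (request.method || "GET").toUpperCase();
  if (!SAFE_METHODS.has(method)) reasons.push(`method ${method}`);

  for (const [name, value] of Object.entries(request.headers || {})) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) {
      reasons.push(`header ${lower}`);
    } else if (lower === "content-type") {
      // Only the media type matters; parameters such as charset are ignored.
      const mediaType = String(value).split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mediaType)) reasons.push(`content-type ${mediaType}`);
    }
  }
  return reasons;
}

function needsPreflight(pageOrigin, request) {
  return preflightReasons(pageOrigin, request).length > 0;
}

// Constructed sample requests (origins and paths are made up).
const page = "https://app.example";
const samples = [
  { url: "https://api.example/items", method: "GET" },
  { url: "https://api.example/items", method: "POST", headers: { "Content-Type": "application/json" } },
  { url: "https://api.example/items/1", method: "DELETE" },
  { url: "https://api.example/items", method: "GET", headers: { "X-Requested-With": "XMLHttpRequest" } },
  { url: "/items/1", method: "DELETE" },
];
for (const s of samples) {
  console.log(s.method, s.url, "->", preflightReasons(page, s).join(", ") || "no preflight");
}
```

A request this check classifies as "no preflight" goes straight to the server, so the server processes it before any CORS decision is made; only the script's ability to read the response is gated.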