I've just found out that my browser was sending an extra "OPTION" request when trying to make a cross-domain Ajax call with a custom HTTP header. I presume it is called a "preflight request".
Is it possible to disable this functionality and just send the initial request?
This is my JavaScript testing code:
    $(document).ready(function() {
        $.ajax({
            url: "http://google.fr",
            crossDomain: true,
            headers: {
                "X-custom-parameter": true
            }
        });
    });
This opt-in is the preflight request. So GET/POST requests without any custom headers don't need a preflight, since these requests were already possible before CORS. But any request with custom headers, or PUT/DELETE requests, do need a preflight, since these are new to the CORS spec.
A preflight request is a small request that is sent by the browser before the actual request. It contains information like which HTTP method is used, as well as if any custom HTTP headers are present. The preflight gives the server a chance to examine what the actual request will look like before it's made.
No, it is definitely not possible to bypass the CORS preflight request. The preflight request exists to allow cross-domain requests in a safe manner. In your example above, you are trying to access google.fr, but google.fr doesn't support CORS. There is no way around this for Google, since Google doesn't support cross-domain requests on its web page. In general, if you have ownership of the server, your options are to support CORS, support alternative cross-domain hacks like JSON-P, or use a server-side proxy.
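The following is an added example, not part of the original question or answer. It shows the two sides of the exchange described above: a browser-side check for whether a cross-origin request triggers a preflight (covering the method, header-name and Content-Type rules, which goes a little beyond the cases the answer names), and a server-side function that answers the OPTIONS preflight against an allowlist. The function names and the policy values (`https://app.example`, the allowed methods and headers) are assumptions made for illustration.

```javascript
// Added example. Policy values are constructed for illustration only.
const POLICY = {
  origins: new Set(["https://app.example"]),
  methods: new Set(["GET", "POST", "PUT", "DELETE"]),
  headers: new Set(["x-custom-parameter", "content-type"]),
  maxAgeSeconds: 600,
};

// Methods, header names and Content-Type values that need no preflight.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(
  ["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_TYPES = new Set(
  ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Browser side: does this cross-origin request trigger an OPTIONS preflight?
function needsPreflight(method, headers = {}) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  return Object.entries(headers).some(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true; // custom header, e.g. X-custom-parameter
    if (n !== "content-type") return false;
    const mime = String(value).split(";")[0].trim().toLowerCase();
    return !SIMPLE_TYPES.has(mime);
  });
}

// Server side: answer the preflight. `req` is { method, headers } with
// lower-cased header names, as Node's http module provides them.
function answerPreflight(req, policy = POLICY) {
  const origin = req.headers["origin"];
  const wantMethod = req.headers["access-control-request-method"];
  const wantHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const allowed = req.method === "OPTIONS" &&
    policy.origins.has(origin) && policy.methods.has(wantMethod) &&
    wantHeaders.every((h) => policy.headers.has(h));
  // Without the Allow-* headers the browser never sends the real request.
  if (!allowed) return { status: 403, headers: {} };
  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin, // echo the allowlisted origin
      "Access-Control-Allow-Methods": wantMethod,
      "Access-Control-Allow-Headers": wantHeaders.join(", "),
      "Access-Control-Max-Age": String(policy.maxAgeSeconds),
      "Vary": "Origin",
    },
  };
}
```

The allowlist is checked on the server, so a request from an origin, method or header outside the policy gets no `Access-Control-Allow-*` headers and the browser stops after the preflight.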