How CORS Preflight Requests Protect Servers Before Data Is Changed
CORS preflight requests are a browser security mechanism that checks server permission before sending potentially sensitive cross-origin requests. When a browser intends to send a request using methods like DELETE or PUT, it first issues an HTTP OPTIONS request to the same endpoint to ask if the action is permitted. The server responds with CORS headers indicating whether the actual request may proceed, preventing irreversible server-side operations from occurring before any access check. Preflight and CORS serve distinct roles: preflight controls whether a request is sent at all, while CORS governs whether JavaScript can read the response. Not all cross-origin requests trigger a preflight check — only those that do not qualify as "simple requests" require this preliminary step.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in