208 reads
Glossary of Security Terms: Preflight Request
by Mozilla ContributorsSeptember 8th, 2020
Too Long; Didn't Read
CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers. Preflight requests are automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as "to be preflighted" and ommited for simple requests. The preflight response can be optionally cached for the requests created in the same URL using Access-Control-Max-Age header.Company Mentioned
A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers.
It is an
request, using three HTTP request headers: OPTIONS
, Access-Control-Request-Method
, and the Access-Control-Request-Headers
header.Origin
A preflight request is automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as "to be preflighted" and ommited for simple requests.
For example, a client might be asking a server if it would allow a
request, before sending a DELETE
DELETEOPTIONS /resource/foo
Access-Control-Request-Method: DELETE
Access-Control-Request-Headers: origin, x-requested-with
Origin: https://foo.bar.orgIf the server allows it, then it will respond to the preflight request with an
response header, which lists DELETE:Access-Control-Allow-Methods
HTTP/1.1 204 No Content
Connection: keep-alive
Access-Control-Allow-Origin: https://foo.bar.org
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE
Access-Control-Max-Age: 86400The preflight response can be optionally cached for the requests created in the same url using Access-Control-Max-Age header like in the above example.
See also
View Previous Terms:
- Block cipher mode of operation
- Certificate authority
- Challenge-response authentication
- Cipher
- Cipher suite
- Ciphertext
- CORS
- CORS-safelisted request header
- CORS-safelisted response header
- Cross-site scripting
- Cryptanalysis
- Cryptographic hash function
- Cryptography
- CSP
- CSRF
- Decryption
- Digital certificate
- DTLS (Datagram Transport Layer Security)
- Encryption
- Forbidden header name
- Forbidden response header name
- Hash
- HMAC
- HPKP
- HSTS
- HTTPS
- Key
- MitM
- OWASP
- Public-key cryptography
- Reporting directive
- Robots.txt
- Same-origin policy
- Session Hijacking
- SQL Injection
- Symmetric-key cryptography
- TOFU
- Transport Layer Security (TLS)
Credits
Source: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
L O A D I N G
. . . comments & more!
. . . comments & more!
About Author
TOPICS
THIS ARTICLE WAS FEATURED IN...
RELATED STORIES
10 VSCode Extensions To Make Your Life Easier #vscode
Aug 09, 2020
