A CORS preflight request is a request that checks to see if the protocol is understood and a server is aware using specific methods and headers. CORS CORS It is an request, using three HTTP request headers: , , and the header. OPTIONS Access-Control-Request-Method Access-Control-Request-Headers Origin A preflight request is automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as and ommited for . "to be preflighted" simple requests For example, a client might be asking a server if it would allow a request, before sending a request, by using a preflight request: DELETE DELETE OPTIONS /resource/foo 
Access-Control-Request- DELETE 
Access-Control-Request-Headers: origin, x-requested- Origin: https: : Method with //foo.bar.org If the server allows it, then it will respond to the preflight request with an response header, which lists DELETE: Access-Control-Allow-Methods HTTP/ Content : keep-alive -Control-Allow-Origin: https://foo.bar.org -Control-Allow-Methods: POST, , , -Control-Max-Age: 1.1 204 No Connection Access Access GET OPTIONS DELETE Access 86400 The preflight response can be optionally cached for the requests created in the same url using header like in the above example. Access-Control-Max-Age See also CORS OPTIONS View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Glossary of Security Terms: Robots.txt

Glossary of Security Terms: Reporting Directive

Read My Stories

Too Long; Didn't Read

Make resilience your competitive advantage

Glossary of Security Terms: Preflight Request

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

An Introduction to Firefox’s new Site Isolation Security Architecture

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

An Introduction to Firefox’s new Site Isolation Security Architecture

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps