A CORS preflight request is a request that checks to see if the protocol is understood and a server is aware using specific methods and headers. CORS CORS It is an request, using three HTTP request headers: , , and the header. OPTIONS Access-Control-Request-Method Access-Control-Request-Headers Origin A preflight request is automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as and ommited for . "to be preflighted" simple requests For example, a client might be asking a server if it would allow a request, before sending a request, by using a preflight request: DELETE DELETE OPTIONS /resource/foo 
Access-Control-Request- DELETE 
Access-Control-Request-Headers: origin, x-requested- Origin: https: : Method with //foo.bar.org If the server allows it, then it will respond to the preflight request with an response header, which lists DELETE: Access-Control-Allow-Methods HTTP/ Content : keep-alive -Control-Allow-Origin: https://foo.bar.org -Control-Allow-Methods: POST, , , -Control-Max-Age: 1.1 204 No Connection Access Access GET OPTIONS DELETE Access 86400 The preflight response can be optionally cached for the requests created in the same url using header like in the above example. Access-Control-Max-Age See also CORS OPTIONS View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking SQL Injection Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Read My Stories

Too Long; Didn't Read

In your car, at home, or at work — Bosch technology shapes many areas of life.

Glossary of Security Terms: Preflight Request

Too Long; Didn't Read

Company Mentioned

Mozilla Contributors

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Glossary of Security Terms: Preflight Request

Too Long; Didn't Read

Company Mentioned

Mozilla Contributors

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES