What are preflight requests and how do they work?

Preflight request

It is an HTTP request of the OPTIONS method, sent before the request itself, in order to determine if it is safe to send it.

It is only after the server has sent a positive response that the actual HTTP request is sent.

The preflight request contains metadata with information like:

  • Origin: indicates the origin of the request (server name);

  • Access-Control-Request-Method: which HTTP methods will be used;

  • Access-Control-Request-Headers: keys that will be in the headers.

How it works

As described in the page about creating a resource,

  • If you have implemented an OPTIONS method for the resource, the flow is respected and the interceptor hierarchy you have set is maintained.

  • If you have not implemented an OPTIONS method, interceptors configured in the all/all resource are disregarded and they are not inherited by the resource.

    As a standard, responses to preflight requests will contain the following headers:

    key: value

    Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH

    Should request headers Access-Control-Request-Headers be informed the in the preflight request, their content will be included in the Access-Control-Allow-Headers key-value header.

Thanks for your feedback!
EDIT
How useful was this article to you?