1. Introduction to CORS for Cross-Origin Resource Sharing
The entire CORS communication process is automatically completed by the browser and does not require user participation.
The key to implementing CORS communication is the server. Cross-origin communication is possible as long as the server implements the CORS interface.
The OPTIONS request is a preflight request , which can be used to detect the http methods allowed by the server. When a cross-domain request is initiated, due to security reasons, when certain conditions are triggered, the browser will automatically initiate an OPTIONS request before the formal request, that is, a CORS preflight request. If the server accepts the cross-domain request, the browser will continue to initiate the formal request.
preflight, a cors preflight request, belongs to the options request. This request is made automatically by the browser when it thinks that an upcoming request might have unpredictable effects on the server .
Using the preflight request, the browser can know whether the current server allows the execution of the upcoming request, and only if it is allowed, the browser will actually execute the next request.
Two, two requests
Browsers divide CORS requests into two categories:简单请求(simple request) and非简单请求(not-so-simple request .
As long as the following two conditions are met at the same time, it is a simple request.
1) The request method is one of the following three methods:
HEAD
GET
POST
(2) HTTP header information does not exceed the following fields:
Accept
Accept-Language
Content-Language
Last-Event-ID
Content-Type: limited to three values
application/x-www-form-urlencoded
…
The post http CORS options request (preflight request) detailing first appeared on Lenix Blog .
This article is reprinted from https://blog.p2hp.com/archives/9911
This site is for inclusion only, and the copyright belongs to the original author.