preflight request in browser – preflight request

Leave a Comment / / Lenix

What is a preflight request?

preflight, a cors preflight request, belongs to the options request. This request is made automatically by the browser when it thinks that an upcoming request might have unpredictable effects on the server.

Using the preflight request, the browser can know whether the current server allows the execution of the upcoming request, and only if it is allowed, the browser will actually execute the next request.

So, to sum up a few points:

  • The browser makes this request automatically without user intervention
  • The request occurs before the request sent by the user, and the request sent by the user can only be sent to the server if the preflight request passes, otherwise a CORS error will be thrown.

prefilght trigger condition

The preflight preflight request is part of the cors specification and is a server authentication mechanism. All browsers currently implement this specification, but some browsers will inevitably expand the content of the specification. But the specification that must be implemented is that the preflight request will not be sent only if the following conditions are met, otherwise the preflight request will be sent before the user request is sent, so as to avoid unpredictable effects on the server before it is allowed.

The conditions are:

  1. Request method restrictions

Only GET and POST methods can be used

  1. request header limit

Only nine request headers can be included:

  • Accept
  • Accept-language
  • Content-Language
  • Content-Type
  • DPR
  • Downlink
  • Save-Data
  • Viewport-Width
  • Width
  1. Content-type restrictions

Only three types can be included:

  • text/plain
  • multipart/form-data
  • application/x-www-form-urlencoded
  1. XMLHttpRequestUpload Object Limits

The object does not have any event listeners registered

  1. ReadableStream Object Limits

A ReadableStream object cannot be used in the request

If one of the above conditions is not met, the browser will automatically initiate a preflight request

Configure the preflight request

The preflight request automatically sent by the browser is generally represented by three fields:

  • Origin: indicates the access source (domain name) of the current request
  • Access-Control-Request-Headers: Inform the server of the custom header fields carried by the actual request

The post Preflight Requests in the Browser – Preflight Requests first appeared on Lenix Blog .

This article is reprinted from https://blog.p2hp.com/archives/9282
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment