How is a preflight request made?

N

newaitix2021-03-10 10:25:16

PHP

newaitix, 2021-03-10 10:25:16

There are explanations on the net that the request should have headers

Origin: http://yourdomain.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: X-Custom-Header

And the response should have headers

Access-Control-Allow-Origin: http://yourdomain.com
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Custom-Header

The response body must be empty.

But firstly, Origin is not possible to install it, and so it will be installed automatically. And secondly, even if you do this, it will be a regular POST request and not a Preflight request.

<script>
function fu(){
  var invocation = new XMLHttpRequest();
var url = '/ajax_quest.php';
var body = '<\?xml version=\"1.0\"\?><person><name>Arun</name></person>';


  if(invocation)
    {
      invocation.open('OPTIONS', url, true);
      invocation.setRequestHeader('X-PINGOTHER', 'pingpong');
      invocation.setRequestHeader('Content-Type', 'application/xml');
      invocation.onreadystatechange = function(){
      
      };
      invocation.send(body);
    }
}
</script>
<button onclick="fu()">Submit</button>

<?
header('Access-Control-Allow-Origin: https://test.logreel.xyz');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Headers: X-Custom-Header');
?>

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Maxim Babichev, 2021-03-10
@newaitix

The preflight request is made by the browser automatically, you don't need to worry about it.
https://developer.mozilla.org/en-US/docs/Glossary/...

A preflight request is automatically issued by a browser and in normal cases, front-end developers don't need to craft such requests themselves. It appears when request is qualified as "to be preflighted" and omitted for simple requests.