How to disable preflight requests?

N

Nadim Zakirov2021-07-18 17:33:22

PHP

Nadim Zakirov, 2021-07-18 17:33:22

I noticed that before making a request to my server, the browser first makes some kind of pre-request with the OPTIONS type and in fact it turns out that the download speed suffers because of this and I get a response 2 times slower.

Is it possible to somehow disable preflight requests for cross-domain requests?

What I tried to do:

<?php

// Если это предзапрос:

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  
  // Отдаем только заголовки, без тела:
  header('access-control-allow-origin: *');
  header('access-control-allow-methods: *');
  header('access-control-allow-headers: *');
  header('access-control-expose-headers: *');
  
  // Указываем закешировать предзапрос:
  header('access-control-max-age: 600');
  
}

However, this didn't help and the prerequests are still sent by the browser since I never hit the same address. Is it possible on the server side to somehow make it clear to the browser that it would not send Preflight, but address it immediately?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

L

Lynn "Coffee Man", 2021-07-18
@zkrvndm

It might be easier to not do things that cause preflight requests. In particular, Content-Type: application/jsonyou can send the request as text/plain.
https://developer.mozilla.org/en-US/docs/Web/HTTP/...
I don't know why the developers of CORS decided application/jsonit was dangerous.