Answer the question
In order to leave comments, you need to log in
V
V
Vadim Ivanenko2015-07-04 23:19:13
Vadim Ivanenko, 2015-07-04 23:19:13
How to get rid of CORS preflight?
API and client are on different hosts - api.domain.local and domain.local.
In each request to the API, I must pass the token. I create a custom Token header for this.
All requests with this header are executed with a preflight (OPTIONS request), which reduces performance.
Added the following to .htaccess. line:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header add Access-Control-Allow-Headers "Token" #вотBut the client (Chrome, Angular, ngResource) does the preflight anyway.
Passing the token in the query string can mess up caching.
I would like to pass it in the headers, but for this you need to get rid of the preflight.
1 answer(s)
@supra7sky
Use the standard Authorization... Stop rambling on headlines.
Well, since this is how CORS works, a request for access confirmation is sent for each request. For everyone.
I don’t understand what the problem is, just don’t process preflight requests on the server, allow and close.
S
Sergey, 2015-07-05 @supra7sky
I create a custom Token header for this.
Use the standard Authorization... Stop rambling on headlines.
Well, since this is how CORS works, a request for access confirmation is sent for each request. For everyone.
I don’t understand what the problem is, just don’t process preflight requests on the server, allow and close.
Similar questions
A
S
S
V
O
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question