What is the pre-flight Request | Everything about CORS explained in plain English



Cross-Origin Resource Sharing (CORS) is an HTTP header-based mechanism that allows servers to specify origins (domains, schemes, or ports) other than their own from which browsers are allowed to load resources. CORS also relies on a mechanism whereby the browser sends a “preflight” request to the server hosting the cross-origin resource to verify that the server will allow the actual request. During this preflight, the browser sends headers indicating the HTTP method and headers used in the actual request.

Cross-origin request example: Front-end JavaScript served by https://domain-a.com uses XMLHttpRequest to make a request to https://domain-b.com/data, which returns JSON.

For security reasons, browsers restrict cross-origin HTTP requests initiated by scripts. For example, XMLHttpRequest and the Fetch API follow the same-origin policy. This means that web applications using these APIs can only request resources from the same origin the application was loaded from, unless responses from other origins contain the correct CORS headers.

The CORS mechanism supports secure cross-origin requests and data transfer between browser and server. Modern browsers use CORS in APIs like XMLHttpRequest and Fetch to reduce the risk of cross-origin HTTP requests. This video is aimed at web admins, server developers, and front-end developers. Modern browsers handle the client side of cross-origin sharing, including applying headers and policies. However, the CORS standard means that servers have to handle new request and response headers.
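
The server side of the preflight described above, as an added example that is not part of the original page: a function that checks the browser's `Origin`, `Access-Control-Request-Method` and `Access-Control-Request-Headers` against an allowlist and builds the response headers. The policy values, the function name `handlePreflight` and the sample request are assumptions made for illustration.

```javascript
// Added example: server-side handling of a CORS preflight (OPTIONS) request.
// The policy values below are assumptions chosen for illustration.
const POLICY = {
  origins: new Set(["https://domain-a.com"]),       // exact-match allowlist
  methods: new Set(["GET", "POST", "PUT"]),
  headers: new Set(["content-type", "x-api-key"]),  // compared in lowercase
  maxAge: 600,                                      // seconds the browser may cache the answer
};

// reqHeaders: object with lowercase header names, as Node's http module provides.
// Returns { status, headers } for the preflight response.
function handlePreflight(method, reqHeaders, policy = POLICY) {
  const origin = reqHeaders["origin"];
  const wantedMethod = reqHeaders["access-control-request-method"];
  // A preflight is an OPTIONS request carrying Origin and Access-Control-Request-Method.
  if (method !== "OPTIONS" || !origin || !wantedMethod) {
    return { status: 400, headers: {} };
  }
  const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

  const allowed =
    policy.origins.has(origin) &&                   // never echo an unlisted origin
    policy.methods.has(wantedMethod) &&
    wantedHeaders.every((h) => policy.headers.has(h));

  // Without Access-Control-Allow-* headers the browser blocks the actual request.
  if (!allowed) return { status: 403, headers: { Vary: "Origin" } };

  return {
    status: 204,
    headers: {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Methods": [...policy.methods].join(", "),
      "Access-Control-Allow-Headers": [...policy.headers].join(", "),
      "Access-Control-Max-Age": String(policy.maxAge),
      Vary: "Origin",                               // response differs per Origin
    },
  };
}

// Constructed sample preflight, as a browser would send before a PUT with a JSON body.
const sample = {
  origin: "https://domain-a.com",
  "access-control-request-method": "PUT",
  "access-control-request-headers": "Content-Type, X-API-Key",
};
console.log(handlePreflight("OPTIONS", sample));
```

The allowed origin is returned only after an exact match against the allowlist, so an unlisted origin never receives an `Access-Control-Allow-Origin` header and the browser refuses to send the actual request.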