0đź‘Ť
As per Mozilla Developer Network,
Preflight Requests
Unlike “simple requests” (discussed above), "preflighted" requests
first send an HTTP request by the OPTIONS method to the resource on
the other domain, in order to determine whether the actual request is
safe to send. Cross-site requests are preflighted like this since they
may have implications to user data.In particular, a request is preflighted if any of the following
conditions is true:If the request uses any of the following methods:
- Put
- DELETE
- CONNECT
- OPTIONS
- TRACE
- PATCH
Or if, apart from the headers set automatically by
the user agent (for example, Connection, User-Agent, or any of the
other header with a name defined in the Fetch spec as a “forbidden
header name”), the request includes any headers other than those which
the Fetch spec defines as being a “CORS-safelisted request-header”,
which are the following:
- Accept
- Accept-Language
- Content-Language
- Content-Type (but note the additional requirements below)
- DPR
- Downlink
- Save-Data
- Viewport-Width
- Width
Or if the Content-Type header has a
value other than the following:
- application/x-www-form-urlencoded
- multipart/form-data
- text/plain
Updated
Please read this answer on how to disable preflight requests: Link