cc56720bd2
A CORS preflight request is an "OPTIONS" request sent to a server prior to a cross-origin XMLHttpRequest or Fetch request. The server's response determines which HTTP request methods are allowed and supported, and whether credentials such as Cookies and HTTP Authentication should be sent with requests. A CORS preflight request will only be sent if certain conditions are met. For example, it will be sent for requests that have potentially unsafe HTTP methods [1] or request headers [2]. See the NeedsPreflight function in services/network/cors/cors_url_loader.cc for full details. CORS preflight functionality is implemented in the network service and will not be triggered if the client handles the request instead of allowing it to proceed over the network. Since the preflight request itself also runs in the network service it cannot be intercepted by the client. [1] https://fetch.spec.whatwg.org/#cors-safelisted-method [2] https://fetch.spec.whatwg.org/#cors-safelisted-request-header |
||
|---|---|---|
| .. | ||
| browser | ||
| common | ||
| features | ||
| renderer | ||
| resources | ||