Background separation project in the former often encounter browser want the server to send a post / patch request, actually had two requests, one Option, the other is real Post / Patch requests, get requests Options request is not generated.
The cause of this problem is the browser's handling of cross-domain, let's look at why there is breaking pull Option request.
Options situation request occurs in two ways:
1, access to the backend server supports HTTP communication method
2, cross-domain request preflight request (preflight request).
Preflight request to send a Http Options first need to request additional resources to the head of a domain name, to detect whether or not the request is actually sent is secure. options from the browser request is initiated preflight request (preflight request).
preflight request request packet header field has two need to focus on:
(1) Access-Control-Request-Method: The method of HTTP request notifying the server actually used;
(2) Access-Control-Request-Headers: Custom carried inform the server actually requested header field.
At the same time the server will add origin header, the client tells the server the address of the actual request. Based on information obtained from the server preflight request to judge whether to accept the next request practical.
Access-Control-Allow-Methods header field returned by the server for all enabled request methods to inform the client returns all Access-Control-Request-Headers header field of all custom allowed header field tells the client. In addition, the server may return Access-Control-Max-Age header field, allows the browser to a specified time, without having to request retransmission preflight, this result can be used directly.
That appear in our development process initiated options from the browser request is the second case above. In fact, the cross-domain requests in a "complex request" will be issued before the method is one of the options preflight request.
Second, when the request is a simple cross-domain request does not carry out preflight request, complex requests will only be preflight request.
Cross-domain request in two ways: a simple request, complex requests;
Either of the following conditions is complex requests:
1. Use put / delete / patch / post;
2. json data transmission format (content-type: application / json)
3. with a custom request header;
Other cases can be understood as a simple request.
Why the need for complex cross-domain request Request Preflight ?
Complex requests may have adverse effect on the data server. For example, delete or put, will modify the data on the server, so they have to ask the server before the request, after the current page where the domain name is in the list of license server, allowing the server, the browser will issue a formal request, or not send a formal request.