We all know cors request classified into two categories: simple request GET, POST, the Option; the other is a complicated request. Details View https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Access_control_CORS
Scene: In many cases send a post request, results have shown that two requests (an option request, a post request)
First, what is the request options
That request preflight OPTIONS request, the server allows for detection http method.
Total will send two requests. When initiating cross-domain request, for security reasons, certain conditions will trigger the browser before a formal request to initiate automatic OPTIONS request, which is the first request.
If the server accepts the cross-domain requests, then when the options request returns successfully, the browser continues to initiate a second request, which is a real ajax request.
Second, the cross-domain requests trigger conditions
1、http方法:PUT/DELETE/CONNECT/OPTIONS/TRACE/PATCH
2 , header fields except the following fields: Accept / Accept-Language / Content -Language / Content-Type / DPR / Downlink / Save-Data / Viewport-Width / Width
. 3 , the Type-the Content except the following fields: file application / X-WWW-form-urlencoded , multipart / form-Data , text / Plain
Note: usually the content-type: application / json
The Request--Control-Access Method, : This field is required, the browser is listed for CORS request which will use HTTP method.
The Request--Control-Access Headers : This field is a comma-separated string that specifies the browser CORS request header field extra transmitted.
Once the server through a " preflight " request, after each browser normal CORS request, as it related to a simple request, there will be a Origin header field.
Preflight returns response headers, did not return entity content