All geek questions in one place

Why are multiple OPTIONS requests sent even if Access-Control-Allow-Origin is set to *?

I created an API (api.example.com) and want it to be accessible from www.example.com
I also want it to be accessible from other domains.

For this, I added Access-Control-Allow-Origin: *

But when I open www.example.com, the pre-flight request (OPTIONS request) is sent before all api requests.
How to stop several requests before the flight? I think there should be only one pre-flight request, what am I doing wrong !? Or is it natural that the browser must send a request before the flight before each call?
Note. I do not want to use JSONP as I make it publicly available. Access-Control-Allow-Origin: *

OPTIONS Header call

Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:accept, authorization
Access-Control-Request-Method:GET
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2
Connection:keep-alive
Host:api.touchtalent.biz
Origin:http://www.example.com
Referer:http://www.example.com/artist/52894/pratim-relekar
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

OPTIONS Answer call

Access-Control-Allow-Headers:origin, x-requested-with, content-type, Authorization
Access-Control-Allow-Methods:PUT, GET, POST, DELETE
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:163
Content-Type:text/html
Date:Fri, 13 Jun 2014 14:24:55 GMT
Keep-Alive:timeout=5, max=98
Server:Apache/2.2.22 (Ubuntu)
Vary:Accept-Encoding
X-Powered-By:PHP/5.4.6-1ubuntu1.8

GET request request header

Accept:application/json, text/plain, */*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alxg-3.2
Authorization:Bearer VtQJqaTGd7YFb8Mee6GfiLwiRrUdt2iCp9ITuiUE
Connection:keep-alive
Host:api.touchtalent.biz
Origin:http://www.example.com
Referer:http://www.example.com/artist/52894/pratim-relekar
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

GET response request header

Access-Control-Allow-Headers:origin, x-requested-with, content-type, Authorization
Access-Control-Allow-Methods:PUT, GET, POST, DELETE
Access-Control-Allow-Origin:*
Connection:Keep-Alive
Content-Length:1116
Content-Type:application/json
Date:Fri, 13 Jun 2014 14:24:55 GMT
Keep-Alive:timeout=5, max=97
Server:Apache/2.2.22 (Ubuntu)
Status:200
X-Powered-By:PHP/5.4.6-1ubuntu1.8

Although I didn’t want to provide the url as it will break as development continues. But if this can help: http://www.touchtalent.biz/home

1:
Authorization:Bearer VtQJqaTGd7YFb8Mee6GfiLwiRrUdt2iCp9ITuiUE, .
oauth. - . ?
2:
Access-Control-Max-Age, . ( URL-) OPTIONS.

+4
2

Content-Type "application/json". - Content-Type "text/plain" . application/x-www-form-urlencoded Content-Types , , , .

, Angular X- .

+1

Source: https://habr.com/ru/post/1544496/

More articles:


All Articles