Preflight request is sent with all methods

My FE application uses an API from another domain. I know that it should run CORS, but as I understand it, it should not create a preliminary check for each request.

According to the documentation, I should not have a preflight request for the GET method.

    Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:

    - It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.
    - It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)

However, each request I send has a preflight (OPTIONS) request, regardless of whether it is GET or POST, and I find this strange (given what the documentation says).

I set some headers (and post them using withCredentials: true), but I don't see that this should be a problem:

  headers.append('Access-Control-Allow-Origin', FRONTEND_URL);
  headers.append('Accept', 'application/json');
  headers.append('Content-Type', 'application/json');
  headers.append('Authorization', this._generateApiKey());
  headers.append('Language', this._languageISOCode);

Did I miss something?

+8
2

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Simple_requests

GET Content-Type application/x-www-form-urlencoded, multipart/form-data text/plain. Content-Type .

, Fetch ( CORS) , CORS-safelisted, :

  • Accept
  • Accept-Language
  • Content-Language
  • Content-Type , , MIME ( ), application/x-www-form-urlencoded, multipart/form-data text/plain

, GET, , CORS , .


, MDN " " CORS MDN CORS ( , , , , ),


, WebKit/Safari , Accept, Accept-Language Content-Language.

- "" , WebKit/Safari .

, WebKit/Safari "" , , WebKit:

, . WebKit - .

+8

, , - , Ajax . Ajax - CORS. HTTP, , OPTIONS, GET POST.

, . -, .

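// Answer the CORS preflight only when it comes from the expected front-end origin.
// Constant-first equals() avoids a NullPointerException when the Origin header is absent.
if ("OPTIONS".equals(request.getMethod()) && FRONTEND_URL.equals(request.getHeader(ORIGIN)))
{
    response.setHeader("Access-Control-Allow-Origin", FRONTEND_URL);
    response.setHeader("Access-Control-Allow-Credentials", "true");
    response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, HEAD");
    // Echoes back whatever headers the browser asked for; list them explicitly to restrict them.
    response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
}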
0

Source: https://habr.com/ru/post/1666928/

