When does fetch trigger a CORS preflight, and what POST is complex?
Tests whether you know the simple-request boundary. A strong answer names the three safe POST content-types and gives a cross-origin POST with application/json plus a custom header like Authorization.
Tests whether you know the exact simple-request boundary that triggers an OPTIONS preflight. A strong answer explains that cross-origin requests preflight when they are not simple, meaning they use a method other than GET or HEAD, or they use POST with non-safelisted headers or a Content-Type outside text/plain, application/x-www-form-urlencoded, and multipart/form-data. It then describes a complex POST, such as one with Content-Type application/json and a custom Authorization header.
Read the original → developer.mozilla.org
- #cors
- #fetch
- #http
- #web-apis
- #browser
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.