įor security reasons, browsers restrict cross-origin HTTP requests initiated from scripts. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.Īn example of a cross-origin request: the front-end JavaScript code served from uses XMLHttpRequest to make a request for. CORS also relies on a mechanism by which browsers make a 'preflight' request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. Cross-Origin Resource Sharing ( CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading of resources.
