A basic CORS request is allowed to use one of only two methods:
and only a few select headers. POST CORS requests can additionally choose from only three content types.
To avoid this issue, requests that wish to use other methods, headers, or content types must first issue a preflight request, which is an
OPTIONS request that includes access-control Request headers. For example, this is a preflight request that checks if the server will accept a
PUT request that includes a
OPTIONS /cors HTTP/1.1 Host: example.com Origin: example.org Access-Control-Request-Method: PUT Access-Control-Request-Headers: DNT