forked from howframework/Laravel
-
Notifications
You must be signed in to change notification settings - Fork 0
CORS
Dharmvijay Patel edited this page Jun 7, 2019
·
3 revisions
When performing certain types of cross-domain Ajax requests, modern browsers that support CORS will insert an extra "preflight" request to determine whether they have permission to perform the action.
OPTIONS / Host: service.example.com Origin: http://www.example.com
If service.example.com is willing to accept the action, it may respond with the following headers:
Access-Control-Allow-Origin: http://www.example.com Access-Control-Allow-Methods: PUT, DELETE
The HTTP headers that relate to CORS are
=== Request headers ===
- Origin
- Access-Control-Request-Method
- Access-Control-Request-Headers
=== Response headers ===
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Expose-Headers
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers