Pre-flighted JavaScript requests

PUT request with missing Access-Control-Allow-Origin header

Summary

JavaScript code can make a cross-origin PUT request. The response to the pre-flight request must include an Access-Control-Allow-Origin header, otherwise the browser won’t make the main request.

Instructions

  1. Hit green button below and see that request fails
  2. Press F12 to open browser Developer Tools
  3. Open Console tab and see error message “Response to preflight request … No ‘Access-Control-Allow-Origin’ header is present on the requested resource.”
« Previous
Index
View source on GitHub | Created by Tom Gregory