Disable preflight OPTION request when sending a cross domain request with custom HTTP header
I've just found out that my browser was sending an extra "OPTION" request when trying to make a cross domain ajax call with a custom http header. I presume it is called "preflight request".
Is it possible to disable this functionality and just send the initial request ?
This is my javascript testing code :
$(document).ready(function() {
$.ajax({
url: "http://google.fr",
crossDomain: true,
headers: {
"X-custom-parameter": true
}
});
});
Thanks for helping!
Answer
No, it is definitely not possible to bypass the CORS preflight request. The preflight request exists to allow cross-domain requests in a safe manner. In your example above, you are trying to access google.fr, but google.fr doesn't support CORS. There is no way around this for Google, since Google doesn't support cross-domain requests on its web page. In general, if you have ownership of the server, your options are to support CORS, support alternative cross-domain hacks like JSON-P, or use a server-side proxy.