Y
Hacker News
new
|
ask
|
show
|
jobs
by
lostcolony
2843 days ago
Yes. There are a few safelisted headers (and relatedly, content-types) that do not trigger a pre-flight; any GET that uses something outside of them (such as 'authorization") gets preflighted.