|
|
|
|
|
|
by hunter2_
2046 days ago
|
|
|
No, when a script tells a browsers to make a cross-origin request such as a GET or POST, the browser first makes a "pre-flight" request (without the payload) using the OPTIONS method to see what CORS-related response headers come back. If headers are returned that allow for it to proceed, the browser then makes whatever request the script asked for. The network tab of developer tools should reveal all of this. |
|
|