For non-standard requests (HTTP Request that is not GET) like:
- Has cookies
- Has non-standard content type
- Has custom headers (Authorization, X-*) The browser will first send a preflight check to ask if the server allows that type of request
Preflight Process
- The client sends a OPTIONS request asking the server if the origin server is within the server’s whitelist
- The server responds, with a message indicating:
- If the request method is allowed
- The Access-Control-Max-Age time so that this preflight response status can be cached in the browser
