What keeps us busy?
Our stories from the Trenches.

Posts in category webapi

Cross-Origin Resource Sharing Preflight Request Caching in Webapi and C#

Written by Sepp Wijnands on Tuesday 5 November 2013 in webapi

If you want to be able to make Cross-Domain JSON requests from a web client you are probably already familiar with CORS.

In broad terms, CORS is a mechanism that gives HTTP servers the ability to control whether a cross domain XHR request from a client is allowed or should be rejected.

A HTTP server can accept or reject a client on several different criteria, some of these are:

  • The origin from the client (the domain from which the request comes from, supplied by the Origin HTTP header)
  • The request method (POST, GET, etc...)
  • Additional HTTP request headers (X-ZUMO-APPLICATION, etc...)
  • Credentials such as cookies and/or user authentication

Depending on which magic combination of features you use (from the above list) in a request, the browser will first issue a so called Preflight Request to the server before putting your actual request through.

It does this for every request you make, which might not be what you want.

Since 2006 our products and services have helped hundreds of people optimize their daily business: