javascript - Why does CORS need to preflight some requests?

Question

CORS requests are divided into simple requests and non-simple requests. For non-simple requests, the CORS definition needs to initiate a pre-check for these non-simple requests, that is, initiate an option request, and wait until it is confirmed that the server allows cross-domain Resend the original non-simple request, so I want to ask why preflight is needed?

Here is an answer on the stack. I don’t understand it very well. Is there anyone willing to translate it or briefly summarize it?

http://stackoverflow.com/ques...

黄舟 · Answer

If you want to go to someone’s house to get something, you must get the owner’s permission

巴扎黑 · Answer

Cross-domain is caused by the same-origin policy of the browser.
Pre-request is the behavior of the browser. It takes the current domain name and asks the server if it can pass.

PHP中文网 · Answer

The two most commonly used ones
get does not have cross-domain by default, which means that if you allow get, you will have the expectation that it will be taken away by others. jsonp takes advantage of this;
post has cross-domain because it will affect resources according to the meaning. Must be inspected first.

某草草 · Answer

For those HTTP request methods that may have side effects on server data (especially HTTP requests other than GET, or POST requests with certain MIME types), the browser must first use the OPTIONS method to initiate a preflight request. Thereby knowing whether the server allows the cross-domain request. After the server confirms permission, it initiates the actual HTTP request. In the return of the preflight request, the server can also notify the client whether it needs to carry identity credentials (including cookies and HTTP authentication related data).

———— HTTP Access Control (CORS)