Browser OPTIONS preflight call is conditioned to skip verify oauth policy

Is there a way the browser can send an Authorization Bearer token in the OPTIONS preflight call?

We have placed a condition to bypass the token verification policy so that the OPTIONS call will pass, as we saw that the React single-page application/browser was not sending the Bearer token in the Authorization header, so it was always failing.

As per the article below:

https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request

A CORS preflight request is a CORS request that checks to see if the CORS protocol is understood and a server is aware using specific methods and headers.

It is an OPTIONS request, using three HTTP request headers: Access-Control-Request-Method, Access-Control-Request-Headers, and the Origin header.

It seems the browser can't send any header other than those mentioned above?


Browsers are required by specification to exclude any authentication information from CORS requests: https://www.w3.org/TR/2014/REC-cors-20140116/#cross-origin-request-with-preflight
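
The following is an added example, not part of the original thread: one way to scope the token-verification bypass to genuine CORS preflights (OPTIONS carrying `Origin` and `Access-Control-Request-Method`) instead of every OPTIONS request, while advertising `authorization` so the actual request can carry the Bearer token. The origin, the allow-lists and the `verifyToken` callback are assumptions made for illustration.

```javascript
// Constructed values for illustration; not from the original thread.
const ALLOWED_ORIGINS = new Set(["https://spa.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = "authorization, content-type";

// Header names are case-insensitive, so normalise before lookup.
function header(req, name) {
  for (const [k, v] of Object.entries(req.headers || {})) {
    if (k.toLowerCase() === name) return v;
  }
  return undefined;
}

// A real preflight is OPTIONS *and* carries Origin and
// Access-Control-Request-Method. A bare OPTIONS is not a preflight.
function isCorsPreflight(req) {
  return req.method === "OPTIONS" &&
    header(req, "origin") !== undefined &&
    header(req, "access-control-request-method") !== undefined;
}

// verifyToken is a hypothetical callback standing in for the OAuth check.
function handle(req, verifyToken) {
  const origin = header(req, "origin");
  const cors = ALLOWED_ORIGINS.has(origin)
    ? { "Access-Control-Allow-Origin": origin, "Vary": "Origin" }
    : {};

  if (isCorsPreflight(req)) {
    const wanted = header(req, "access-control-request-method");
    if (!cors["Access-Control-Allow-Origin"] || !ALLOWED_METHODS.includes(wanted)) {
      return { status: 403, headers: {} };
    }
    // Answer the preflight without a token, and never reach the backend.
    return { status: 204, headers: { ...cors,
      "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
      "Access-Control-Allow-Headers": ALLOWED_HEADERS } };
  }

  // Everything else, including non-preflight OPTIONS, needs a valid token.
  const m = /^Bearer\s+(\S+)$/i.exec(header(req, "authorization") || "");
  if (!m || !verifyToken(m[1])) {
    return { status: 401, headers: { ...cors, "WWW-Authenticate": "Bearer" } };
  }
  return { status: 200, headers: cors };
}
```

The preflight response carries no data and is answered at the edge, so skipping verification there exposes nothing, while a bare OPTIONS sent outside a browser still hits the token check.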