When your script is running on one domain and
your script request for a resource to other domain by using the XmlHttpRequest or XDomainRequst that this mechanism is called cross-origin Request.
Mythological, for security reasons these types
of requests have been prohibited by browsers.
For
example we can say
If your script on your page is running from
code-sample.com domain and request a resource
to angulardoc.com domain by the
XmlHttpRequest or XDomainRequst, this is a cross-origin request. Historically, for security reasons these
types of requests have been prohibited by browsers.
The CORS mechanism works to adding HTTP headers
to cross-domain HTTP requests and responses.
Pre-flight Request for CORS : Is used to check
the validate to the cross-domain HTTP requests and responses
Steps of pre-flight requests of CORS
specification requires browsers as given below.
1. Use to
request methods other than GET, POST, or HEAD etc.
2. Use to custom headers for each request
3. Use to request bodies with Content-Type other
than text/plain, application/x-www-form-url encoded, or multipart/form-data
etc.
Thank you!