CORS Preflight

Browser-issued OPTIONS request that checks cross-origin permissions before the actual call.

Aliases

preflight request, CORS preflight

Core Idea

A CORS preflight is an automatic OPTIONS request sent by the browser before specific cross-origin calls. It carries Access-Control-Request-* headers describing the upcoming request, and the server must answer with matching Access-Control-Allow-* headers. When the response is missing or mismatched, the browser blocks the real request before it can even reach your API logic.
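
The matching described above, as an added example (not code from the original page or from FastAPI): a simplified Python model of the browser's preflight decision. The function names and the origin https://app.example are assumptions, and credentialed requests are left out.

```python
# Added example: simplified model of the browser side of a CORS preflight.
SAFE_METHODS = {"GET", "HEAD", "POST"}
SAFE_HEADERS = {"accept", "accept-language", "content-language"}
SIMPLE_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}

def unsafe_headers(headers):
    """Lower-cased names of request headers that force a preflight."""
    names = set()
    for name, value in headers.items():
        lname = name.lower()
        simple_type = value.split(";")[0].strip().lower() in SIMPLE_TYPES
        if lname not in SAFE_HEADERS and not (lname == "content-type" and simple_type):
            names.add(lname)
    return sorted(names)

def build_preflight(origin, method, headers):
    """Headers on the OPTIONS request, or None when no preflight is needed."""
    names = unsafe_headers(headers)
    if method.upper() in SAFE_METHODS and not names:
        return None
    req = {"Origin": origin, "Access-Control-Request-Method": method.upper()}
    if names:
        req["Access-Control-Request-Headers"] = ",".join(names)
    return req

def _tokens(value):
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def preflight_passes(preflight, status, response_headers):
    """True when the browser would go on to send the real request."""
    resp = {k.lower(): v for k, v in response_headers.items()}
    if not 200 <= status <= 299:
        return False
    if resp.get("access-control-allow-origin") not in ("*", preflight["Origin"]):
        return False
    methods = _tokens(resp.get("access-control-allow-methods", ""))
    method = preflight["Access-Control-Request-Method"]
    if method not in SAFE_METHODS and not ({method.lower(), "*"} & methods):
        return False
    allowed = _tokens(resp.get("access-control-allow-headers", ""))
    wanted = _tokens(preflight.get("Access-Control-Request-Headers", ""))
    # "*" does not cover Authorization; it must be listed by name.
    return all(h in allowed or ("*" in allowed and h != "authorization") for h in wanted)

# Constructed sample: a JSON DELETE from a hypothetical front end, and a reply that allows it.
SAMPLE_PREFLIGHT = build_preflight("https://app.example", "DELETE", {"Content-Type": "application/json"})
SAMPLE_REPLY = {"Access-Control-Allow-Origin": "https://app.example",
                "Access-Control-Allow-Methods": "GET, DELETE",
                "Access-Control-Allow-Headers": "Content-Type"}
```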

Why It Matters Here

FastAPI relies on CORSMiddleware to craft correct preflight responses, including max_age so the browser can cache the outcome. Understanding preflight timing explains why you should add security headers and rate limits after CORS: if preflight fails, the browser never sends the real request, so the rest of your protective layers never run.