CORS - What is the motivation behind introducing preflight requests?

Question

Cross-origin resource sharing is a mechanism that allows a web page to make XMLHttpRequests to another domain (from wikipedia).

I\'ve been fiddling with COR

Answer 1

CORS allows you to specify more headers and method types than was previously possible with cross-origin or

.

Some servers could have been (poorly) protected with the assumption that a browser cannot make, e.g. cross-origin DELETE request or cross-origin request with X-Requested-With header, so such requests are "trusted".

To make sure that server really-really supports CORS and not just happens to respond to random requests, the preflight is executed.