1 year ago

In modern web applications, it’s a common pattern to serve the web API and the frontend app from different subdomains: https://api.example.com: your web API, usually serving JSON documents https://example.com: your web application, usually built in JavaScript, generating HTML documents from the raw JSON data retrieved from the API When serving your API from a different https://developer.mozilla.org/en-US/docs/Glossary/Origin than the frontend application, browsers will automatically send an additional OPTIONS request before any request is made to the API.

These preflight requests ensure that the frontend app is allowed to interact with the resources served by the API. As https://nickolinger.com/blog/2021-08-04-you-dont-need-that-cors-request/, these preflight requests add unnecessary latency, slow down applications, waste battery on mobile devices, and increase servers load.

The solution to prevent these preflight requests is simple: serve the API and the frontend application from the same origin!