What is CORS Preflight?
An automatic OPTIONS request sent by browsers before certain cross-origin requests to check if the actual request is permitted.
Browsers send preflight (OPTIONS) requests for cross-origin requests that use non-simple methods (PUT, DELETE), custom headers, or non-standard content types. The server must respond with appropriate CORS headers permitting the actual request.
Preflight responses are cached (Access-Control-Max-Age) to avoid repeated OPTIONS requests. Missing or incorrect preflight responses are a common cause of CORS errors during development.