Angular2 OPTIONS method sent when asking for http.GET [duplicate]
This is the way CORS works (when using cross domain requests). With CORS, the remote Web application (here the one with domain mydomain.org) chooses if the request can be served thanks to a set of specific headers.
The CORS specification distinguishes two distinct use cases:
- Simple requests. This use case applies if we use HTTP GET, HEAD and POST methods. In the case of POST methods, only content types with the following values are supported: text/plain, application/x-www-form-urlencoded and multipart/form-data.
- Preflighted requests. When the ‘simple requests’ use case doesn’t apply, a first request (with the HTTP OPTIONS method) is made to check what can be done in the context of cross-domain requests.
It's not Angular2 that sends the OPTIONS request but the browser itself. It's not something related to Angular.
For more details, you could have a look at this article:
Why am I getting an OPTIONS request instead of a GET request?
That is a CORS preflight request that is generated by the browser itself.
See also
- How to disable OPTIONS request?
The server needs to be configured to support CORS requests, only then the actual GET request is sent by the browser after the OPTIONS request.
See also
- "No 'Access-Control-Allow-Origin' header is present on the requested resource"- https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Access-Control-Allow-Credentials
Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.