Exploitation

Preflight request

Sometimes application requires to get preflight request before sending the target request.

For example before sending this request:

POST /createAdmin

There can be send automatically the following preflight:

OPTIONS /createAdmin

Which tells the browser whether the subsequent request can be sent. Standard GET, HEAD, and POST requests do not trigger a preflight check. However, requests using other HTTP methods, custom headers, or POST requests with nonstandard content types will require a preflight request.

PreviousPrerequisites of Exploitation NextClient Side Request Forgery (CSRF)

Last updated 3 months ago