Quality] - Cors Chrome [extra

When you make a cross-origin request in Chrome, the browser doesn't just send the request immediately. Instead, it follows a specific handshake process:

open -n -a /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --args --user-data-dir="/tmp/chrome_dev_test" --disable-web-security cors chrome

| Request Type | Chrome’s Behavior | |--------------|------------------| | Same-origin | Allowed without CORS headers | | Cross-origin, simple | Allowed if server returns Access-Control-Allow-Origin matching the origin or * | | Cross-origin, with credentials (cookies) | Access-Control-Allow-Origin cannot be * ; must be explicit; Access-Control-Allow-Credentials: true required | | Cross-origin, custom header | Preflight OPTIONS request sent | When you make a cross-origin request in Chrome,