How to resolve ‘preflight is invalid (redirect)’ or ‘redirect is not allowed for a preflight request’

Short answer: Make the request URL in your code isn’t missing a trailing slash.

A missing-trailing-slash problem is the most-common cause of the error cited in the question.

But that’s not the only cause — just the most common. Read on for more details.

When you see this error, it means your code is triggering your browser to send a CORS preflight OPTIONS request, and the server’s responding with a 3xx redirect. To avoid the error, your request needs to get a 2xx success response instead.

You may be able to adjust your code to avoid triggering browsers to send the OPTIONS request.

As far as what all’s going on in this case, it’s important to know browsers do a CORS preflight if:

  • the request method is anything other than GETHEAD, or POST
  • you’ve set custom request headers other than AcceptAccept-LanguageContent-LanguageContent-TypeDPRDownlinkSave-DataViewport-Width, or Width
  • the Content-Type request header has a value other than application/x-www-form-urlencodedmultipart/form-data, or text/plain

If you can’t change your code to avoid need for browsers to do a preflight, another option is:

  1. Examine the URL in the Location response header in the response to the OPTIONS request.
  2. Change your code to make the request to that other URL directly instead.

The difference between the URLs might be something as simple as a trailing slash in the path — for example, you may need to change the URL in your code to add a trailing slash — e.g., http://localhost/api/auth/login/ (notice the trailing slash) rather than http://localhost/api/auth/login (no trailing slash) — or you might instead need to remove a trailing slash.

You can use the Network pane in browser devtools to examine the response to the OPTIONS request and to find the redirect URL in the value of the Location response header.

Related Posts:

  1. No ‘Access-Control-Allow-Origin’ header is present on the requested resource—when trying to get data from a REST API
  2. How does Access-Control-Allow-Origin header work?
  3. Visual List of iOS Fonts?
  4. How to get rid of the “No bootable medium found!” error in Virtual Box? [closed]
  5. Cross-Origin Read Blocking (CORB)
  6. ‘git’ is not recognized as an internal or external command
  7. what is svn? and how to use it with project?
  8. How can I write a `try`/`except` block that catches all exceptions?
  9. How do I decompile a .dll file?
  10. What’s the purpose of git-mv?
  11. How to enable CORS in flask
  12. How to write trycatch in R
  13. how to use proxy on youtube-dl?
  14. Axios having CORS issue
  15. SSH -X “Warning: untrusted X11 forwarding setup failed: xauth key data not generated”
  16. LINQ equivalent of foreach for IEnumerable
  17. How to do vlookup and fill down (like in Excel) in R?
  18. Using “super” in C++
  19. What is the difference between application server and web server?
  20. what is the difference between OLE DB and ODBC data sources?
  21. How to create a custom coder?
  22. Git push won’t do anything (everything up-to-date)
  23. How to use vmImage on pipeline using Azure DevOps Server?
  24. git add . -> still “nothing to commit” with new files
  25. git submodule add error: does not have a commit checked out
  26. “The certificate chain was issued by an authority that is not trusted” when connecting DB in VM Role from Azure website
  27. What’s the complete range for Chinese characters in Unicode?
  28. Is there an operation for not less than or not greater than in python?
  29. Resource interpreted as stylesheet but transferred with MIME type text/html (seems not related with web server)
  30. Background color for Tk in Python
  31. how to uninstall MinGW and make cygwin ‘make’ as deafult make program with gcc 3.8.1
  32. Optional Parameters in Go?
  33. PostgreSQL: Remotely connecting to Postgres instance using psql command
  34. Android – Package Name convention
  35. How to execute an oracle stored procedure?
  36. How do I time a method’s execution in Java?
  37. -bash: export: `=’: not a valid identifier
  38. Error “The goal you specified requires a project to execute but there is no POM in this directory” after executing maven command
  39. Error in glm() in R
  40. What is a good Hash Function?
  41. Excel Filters – show only relevant values in the filter
  42. Unable to convert 3d ply file image to 2d image
  43. Get a random item from a JavaScript array
  44. Origin null is not allowed by Access-Control-Allow-Origin
  45. Plotting horizontal and vertical lines in Mathematica
  46. Error while waiting for device: Time out after 300seconds waiting for emulator to come online
  47. How to transparent Unity3D custom shader?
  48. Converting string to integer VB.NET
  49. Remove node_modules from git in vscode
  50. How do you change session timeout in IIS 8.5?
  51. Is it valid to have a html form inside another html form?
  52. what is shortcut command to kill process in windows command?
  53. Differentiate between function overloading and function overriding
  54. How to print variable in sml?
  55. Representing EOF in C code?
  56. “Cross origin requests are only supported for HTTP.” error when loading a local file
  57. How to disable an Android button?
  58. How to set initial value and auto increment in MySQL?
  59. Chrome Broweser: csi.gstatic.com keeps loading
  60. How do you convert an entire directory with ffmpeg?
  61. How can an Admin access the Google Drive contents of all the users in a particular domain?
  62. PSEXEC, access denied errors
  63. How do you define a global function in C++?
  64. A _disk_id.pod file appears on a windows flash drive
  65. What standard do language codes of the form “zh-Hans” belong to?
  66. AngularJS POST Fails: Response for preflight has invalid HTTP status code 404
  67. What is the proof of of (N–1) + (N–2) + (N–3) + … + 1= N*(N–1)/2 
  68. Merge posts plugin? [closed]
  69. Add Woocommerce product to cart with Contact Form 7 [closed]
  70. How to See Everything in get_option()?
  71. How can I prevent the WordPress Importer from munging double-newline paragraph breaks to a single newline?
  72. Slow WP Site, theme.php not caching? Up to 25 second load time! [closed]
  73. A Compare And Distinction Essay Define To Beat Writer’s Block
  74. 27 Outstanding Faculty Essay Examples
  75. The Way To Write An Essay Outline In Four Steps
  76. How to hide subfolder of static pages in WordPress using htaccess
  77. Javascript: Add anchor hashtag to URL, and reload
  78. How do I add Access-Control-Allow-Origin in NGINX?
  79. Any benefit or detriment from removing a pagefile on an 8 GB RAM machine?
  80. How do I view the details of a digital certificate .cer file?
  81. How do you validate fstab without rebooting?
  82. DNS – NSLOOKUP what is the meaning of the non-authoritative answer?
  83. Why can’t a CNAME record be used at the apex (aka root) of a domain?
  84. How can I upgrade to Java 1.8 on an Amazon Linux Server?
  85. What port should I open to allow remote desktop?
  86. Can you help me with my capacity planning?
  87. Cheat Sheets for System Administrators?
  88. Amazon EC2 terminology – AMI vs. EBS vs. Snapshot vs. Volume
  89. How to change an EC2 instance’s security group
  90. What type of DNS record is needed to make a subdomain?
  91. Multiple SSL domains on the same IP address and same port?
  92. IPTABLES – Limit rate of a specific incoming IP
  93. How to set default Ansible username/password for SSH connection?
  94. Can I make `find` return non-0 when no matching files are found?
  95. Proxy Error 502 “Reason: Error reading from remote server” with Apache 2.2.3 (Debian) mod_proxy and Jetty 6.1.18
  96. What is the difference between service and systemctl?
  97. Rsync creates a directory with the same name inside of destination directory
  98. How Often Do Windows Servers Need to be Restarted?
  99. sudoers: how to disable requiretty per user
  100. dig show only answer

Leave a Comment