I need to add some common extra info (needs to be sent with most of our http requests) to cross domain http requests, the extra data is something like device info or location info. We are using custom http headers for these info currently, but the custom header will make the browser to send an preflight request before the real http request, so we want to remove the preflight request for performance considerations. We considered using cookie firstly, but since the request is cross-domain, we can't set cookie for the domain of our API with javascript. Then I searched for documents, According to Mozilla docs:
In particular, a request is preflighted if:
It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.
It sets custom headers in the request (e.g. the request uses a header such as X-PINGOTHER)
So I thought if I use a standard http header which is seldom used: the "From" header, it will not trigger the options request. but after I test this, I found I was wrong, the "From" header still trigger the options request.
So I have two questions:
- Why does a standard http header trigger the preflight request?
- How should I send the extra info without trigger the preflight request?
Any helps will be appreciated.