On Thu, Feb 19, 2015 at 11:43 AM, Brian Smith <br...@briansmith.org> wrote: > 1. Preflight is only necessary for a subset of CORS requests. > Preflight is never done for GET or HEAD, and you can avoid preflight > for POST requests by making your API accept data in a format that > matches what HTML forms post. Therefore, we're only talking about PUT, > DELETE, less common forms of POST, and other less commonly-used > methods.
Euh, if you completely ignore headers, sure. But most HTTP APIs will use some amount of custom headers, meaning *all* methods require a preflight. -- https://annevankesteren.nl/