CORS, Preflight Request, OPTIONS Method | Access Control Allow Origin Error Explained

Hi Akshay, I learned a lot from this video. However I have a small correction to point out. At 06:50 you have written it as `accept-control-allow-origin: * ` while it is `access-control-allow-origin: *`. Extremely sorry for pointing out but some other beginner may capture it wrongly. Kindly put a patch message on screen while that portion is playing.

Your series is nothing but AMAZING!

"Thank you, my friend, for providing such a straightforward and simplified explanation of how CORS works. Your explanation has helped me understand this topic better. Great job!"

Recently (two days back😁) I had my Full-stack Interview and they asked me about the middlewares😅 (Which I explained Using the example of Cors :) but that time I have only a little knowledge about cors (The interview went well but this question really scratch my head) And now after this, I can explain cors easily thanks to you sir😁🔥

This is the reason why every developer is the fan and in love with you, you teach the things in the way they are to be delivered to the consumers/audience..
I want to mention this to, before whenever I used to watch content of any other youtuber it was quite obvious that I yawned for 2-3 times, but here whenever I watch your videos I never do that (or it wont come also), instead at this time I was very sleepy, but before going to sleep I just want to clear out this topic and now here I'm ready to move to you another video with full energy.
Thanks bhaiya for making such a wonderful content..😍😍

No other video could explain CORS soo briefly and easily. Thankyou Akshay♥️♥️

Bhai tune jo bataya na jis way m, jaise explain kiya man gaya teko aajtk smjhi nahi thi ye concept etni achese thank you man

Apart from detailed content, I admire your effort for including commonly asked interview questions.

Amazing work. I like the idea of explaining to whiteboard, really helped me understand the logic behind cors, this is what great teachers do.

the way you explain cors is outstanding really loved it

Finally, I understand how CORS works. This was awesome. Got to learn a lot.

Very explicit and right to the point explanation!

ok this is the first time someone actually explained what CORS is instead of just giving 10 different ways to get rid of the error, just a header ! lol

These are a great set of videos! Keep up the good work :)

Thank you so much sir. I was searching for the same in few months back, Today randomaly i watched your video and get to know that why my react app was not able to fetch data from API when i run it on another server like 3001. Thanks you so much sir for sharing your Efforts and knowledge. Love ❤️ and Support.

Thanks Akshay for sharing beautiful explanation about CORS. Its really most frequently asked questions in interview.

Beautiful video. Great job! Easy to understand.

Thanks Akshay :) This really helped in my understanding of CORS concept and resolving most request calls issue while developing projects :)

This is what I was looking for!! Excellent video.

Thanks @Akshay this video is so useful for not only a developer but Pentester like us.

Perfect Video! thanks a lot for such a nice and detailed explanation about CORS :)

Excellent. Understood the concept. Thanks.

Thanks a lot Akshay, I was stuck at my project due to this, and your video resolved the issue. Doing great work bro. 😇

Hi Akshay, thanks for your extremely helpful videos. Would request you to please help to understand the concept of microservices and how a JavaScript based app fits into this

Now i completely understood what cors is
Thank you

Hey Akshay, thanks a lot for uploading such informative videos. Could you please upload tutorials on JS Engine and how Web APIs, Callback Queues, Event loop works together with JS Engine to run JS on browser

thanks for this video...i learned alot

Wow awesome bro clear explanation love you !.....
The image which you shared API request to data response from server is super....

Your material is awesome maan.

Amazing video sir, very easy to understand.

What a gem!
Thank you sir.

Thank you Akshay...this is really helpful 👍

Please make a video on web workers and service workers. I find it hard to understand. Your videos are very informative..Thanks a lot for sharing them.

Thanks a lot. I have learned a lot form your videos explanation today I am having a big interview coming up today thanks a lot for the video again

Hi Akshay ur way of explaining is 🔥, If u reading this then pls make a video on closure beleive me you will get blessings of many developers like me

Thanks man....this helped me a lot.

good explanation about CORS. it is very useful

Somehow he managed to clear the interview ,that doesn't mean anyone can clear the interview by following these videos

Really nice tutorial for CORS ...

Very useul resource ! Thank you

Thanks! Forever thankful!

Hi Akshay,
as always, i learn something new from your video. Please create video on micro services as well
Thanks

awesome brother really nicely you explain.

Best explanation in the market

Awesome video Akshay !! you rock

Thanks a lot! Great video bhaiya

The video is on point.

Really helpful!!

Special thanks for this video 🤟💯💯

So cool! , I'd love it if some images could pop as you speak to explain, than plain talking, it'll look interactive

Just about time Akshay! I have an interview tomorrow ... Hope it will help :) Thanks

Great work man! thanks

awesome yaar... well explained!!

Bro, Fantastic Job!

Nice video showing what is going on under the hood. Personally, there was no live example showed in code, browser etc

Thanks for the video Akshay! But can you have the light source directed at the white board and not at the top? its difficult to see the content written with the overhead lights.

only a legend can explain legendary concepts

Thankyou so much for this video

Thank you for the wonderful knowledge.
How to resolve the cors error

Great explanation but there was a mistake in the video.
the response header is access-control-allow-origin and not accept-control-allow-origin.

Hmm, got it. However, was expecting more details with example, like other videos in the interview series.

hi Akshay, very well explained, but could you pl suggest what we can handle OPTIONS method timedout case just before POST? Thank you in advance!

Great explanation

Nice explanation one query How browser decide to make a pre-flight request what are these steps?

It would be helpfull if you can practically demonstrated this concept like your other videos you always start with your screen sharing. Please can you make other video with ref to this by showing on same localhsot with diff ports communicating with and without CORS compliances of header supported , it would be grate help to all of us if you can do this.

Hi akshay, excellent teaching. Lots of thanks but i have a question. 1.When we direct api url hit in browser url adress then how it works? 2.when we call using fetch then how it will work?

Hi Akshay, I really liked the video. There's a correction in the video where you've shown the example of preflight request require before the POST request. But POST is listed as a method that doesn't require preflights in CORS. It's DELETE, HEAD, PUT which generally requires preflight request.

please do more videos on js. Thanks

Thanks for sharing.

Best Explanation :)

great explanation

Very nice explained

In beginning about 2 months ago I thought your videos are not of work!
And 2 months later, here is me finding these very important and I have already seen most of your upload😂😂;
Thank you Saini sir ❤️🦄🦄🦄🦄;

Akshay bro can u pls create a series such that we can follow in sequence from beginner to advanced js and in bw those vedio interview q discussed as per that topic. Many people wanna learn core js from u and in sequence bro step by step . Automatic you will cover topic as asked intrvw

Hey Akshay, Can you create Micro frontend learning video , it would be great to all developer for learning and also this concepts running in current market. Thanks in Advance

Hey, great video man

I watched some MERN app tutorials using cors() middleware on express server side to allow reaact app to hit express api routes, Is that bypassing and compromising the security somehow? Because server side doesnot have app any specific port info(for local development) as to which origin to allow and which not 🤔

hi ,your explanation is good and you mentioned something like CORS is not error and we make some mistake some thing kind of thing. can you explain more on that, what is mistake from our end if CROS policy not enabled at server end in which we don't have any control over it(i.e Third party API).
2) If don't have access or control over server side to make changes, how to Handel this error at client side??

Great video

Nice explaination

Great Video Sir

Thanks for the session, it was helpful. Can you make a session on csrf token. It would be helpful.

great work👏

Hi Akshay,
First of all thanks for the sharing the information. Appreciate it :)
I would like to know few more about CORs. Please help me out.
I have hosted the API in my server with PHP application & client is consuming it via angular.
Client getting 405 and cors blocked errors while i have allowed all origin & get all header in my application including options.
Could you please suggest how i can resolve it.??
Thanks in advance.

very helpful video

thanks for this video

Options request is still showing in firefox , even if it has removed from Access-Control-Allow-methods

Aren't front end and back end of a web application hosted on different domains? How does that not cause CORS issue?

Hey Akshay great fan of yours!
Great video!
Can u make a video of how you got into Uber and what shall we do to get into it?
Currently I'm in my final year of Btech!
Also can you suggest some good resources where I can find all these trending web services?

10:35 I have just learned about CORS recently and I have a question about by-passing CORS security mechanism. As I understand; the CORS configurations are made at the server side to handle cross origin resources access/sharing. So, does it even make sense to have a browser plugin or to start the browser with specific flags to by-pass CORS?

Hi Akshay, api calling twice one is options and 2nd one is post request .can we hide that option request into the network?

Thanks You Bhai

Nice topic

I didn't get the part where you said preflight calls are made to check if the request is valid/safe. I mean in what sense it should be safe/valid?

Can you explain about access-control-allow-headers:content-type, x-session specially what is x-session in details.

Good video, but the technical details were not conveyed properly. But yes, it does set up some pretext post which one definitely has to go through some online documents.

Thank you

Akshay what is the use of preflight/options request. Why it can be ignored some times.

Please make series on microservices nowdays it is very popular not a good content avilable at youtube except you

Thanks Sir