CORS Preflight Request Failed — OPTIONS Request Blocked or Missing Headers

Fix CORS preflight failures where the browser's OPTIONS request is blocked, returns wrong headers, or the server does not handle preflight correctly. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.

Here are the key things to understand: CORS preflight is an OPTIONS request sent before cross-origin requests that use custom headers or non-simple methods. The preflight checks if the server allows the actual request method, headers, and origin. Preflight is triggered by: custom headers, methods other than GET/POST/HEAD, non-simple content types. The server must respond to OPTIONS with Access-Control-Allow-Origin, -Methods, and -Headers. Preflight responses can be cached using Access-Control-Max-Age header to reduce overhead. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.

The most common reasons this occurs include: Server does not handle OPTIONS method — returns 404, 405, or 500 instead of 200/204. Access-Control-Allow-Headers missing the custom header used in the actual request. Access-Control-Allow-Methods does not include the HTTP method of the actual request (PUT, DELETE, PATCH). Server-side authentication middleware rejecting the OPTIONS request that has no credentials. Identifying the root cause is the first step toward finding the right solution.

To resolve this, follow these recommended steps: Check the preflight response: DevTools > Network > filter by the request > find the OPTIONS request. Ensure the server handles OPTIONS explicitly: return 204 No Content with the correct CORS headers. Add all custom headers to Access-Control-Allow-Headers: Authorization, Content-Type, X-Custom-Header. Add all needed methods to Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS. Exclude OPTIONS requests from authentication middleware — preflight requests never include credentials. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.

This article is part of our Browser Errors collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.