HTTP OPTIONS Preflight Errors — CORS Preflight Request Failures

Fix HTTP OPTIONS preflight request failures causing CORS errors, including missing headers, incorrect methods, and proxy blocking preflight requests. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.

Here are the key things to understand: Preflight requests are automatic OPTIONS requests sent by browsers before cross-origin requests with custom headers or methods. The server must respond to OPTIONS with appropriate Access-Control-Allow-* headers. Preflight is triggered by non-simple requests: custom headers, PUT/PATCH/DELETE methods, or non-standard Content-Types. A failed preflight blocks the actual request entirely — the browser never sends it. Preflight responses can be cached using Access-Control-Max-Age to reduce repeated OPTIONS calls. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.

The most common reasons this occurs include: Server not handling OPTIONS method — returning 405 Method Not Allowed instead of CORS headers. Access-Control-Allow-Headers missing the custom header names used in the request. Access-Control-Allow-Methods not including the HTTP method (PUT, PATCH, DELETE) being used. Reverse proxy or WAF blocking OPTIONS requests before they reach the application. Identifying the root cause is the first step toward finding the right solution.

To resolve this, follow these recommended steps: Add an OPTIONS route handler that returns 204 with Access-Control-Allow-Origin, Allow-Methods, and Allow-Headers. Ensure Access-Control-Allow-Headers includes all custom headers: Authorization, Content-Type, X-Requested-With, etc.. Set Access-Control-Allow-Methods to include all methods your API uses: GET, POST, PUT, PATCH, DELETE, OPTIONS. Add Access-Control-Max-Age: 86400 to cache preflight results and reduce OPTIONS requests. Configure your reverse proxy to pass OPTIONS requests through to the application server. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.

This article is part of our HTTP Status Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.