You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
dio web has headers in its request which are not allowed for "Simple request", which means some request which shouldn't trigger preflight will trigger it. EG CORS errors.
There is a strict policy on how to be elligible for what's called "simple request":
Simple request
A simple cross-site request is one that meets all the following conditions:
The only allowed methods are:
GET
HEAD
POST
Apart from the headers set automatically by the user agent (e.g. Connection, User-Agent, etc.), the only headers which are allowed to be manually set are:
Accept
Accept-Language
Content-Language
Content-Type
The only allowed values for the Content-Type header are:
application/x-www-form-urlencoded
multipart/form-data
text/plain
A simple request will not cause a pre-flight OPTIONS request
Here is an example URL which does not pass with dio https://homologation-webpayment.payline.com/webpayment/getToken but will pass with the http package, content type should be x-www-form-urlencoded, just make a POST request with whatever data, DIO will trigger a preflight and a CORS issue
The text was updated successfully, but these errors were encountered:
I am still having same issue dio: ^5.4.1. Sending normal post with MultipartFile, not changing or setting any headers. Should be counted as Simple Request but somehow sending by dio triggers OPTIONS request.
dio web has headers in its request which are not allowed for "Simple request", which means some request which shouldn't trigger preflight will trigger it. EG CORS errors.
There is a strict policy on how to be elligible for what's called "simple request":
Simple request
A simple cross-site request is one that meets all the following conditions:
The only allowed methods are:
GET
HEAD
POST
Apart from the headers set automatically by the user agent (e.g. Connection, User-Agent, etc.), the only headers which are allowed to be manually set are:
Accept
Accept-Language
Content-Language
Content-Type
The only allowed values for the Content-Type header are:
application/x-www-form-urlencoded
multipart/form-data
text/plain
A simple request will not cause a pre-flight OPTIONS request
Here is an example URL which does not pass with dio
https://homologation-webpayment.payline.com/webpayment/getToken
but will pass with thehttp
package, content type should bex-www-form-urlencoded
, just make a POST request with whatever data, DIO will trigger a preflight and a CORS issueThe text was updated successfully, but these errors were encountered: