How to fix CORB warning on OPTIONS request


Difficulty

If you see this annoying warning on the Console when you have finally implemented your “perfect” authentication system, you are not the only one:

Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type ...

Perhaps using an interceptor, which I’ll explain to you on other occasions.

The reason is the method of an OPTIONS request for preliminary verification, to perform a sort of “handshake” before the real protected request (GET or POST).

The OPTIONS request has an empty response and, when you set the “Content-type” response header or the server set for you, you’ll have an unexpected zero length of the content response.

To correct the CORB alert, you need to add only a zero header on the response or status response to 204, both only for OPTIONS authentication requests.

Below are two examples of implementation in a PHP REST API (valid however in any language).

One by adding a “Content-Length: 0” header:

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  header("Content-Length: 0");
}

And another with a 204 (No Content) Status in response:

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  http_response_code(204);
}

That’s all for now.
See ya.


0
Be the first one to like this.
Please wait...

Leave a Reply

Thanks for choosing to leave a comment.
Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published.
Please do NOT use keywords in the name field. Let's have a personal and meaningful conversation.