I just want to get this straight.
I’m using OAuth2 to authenticate my client-side app (i.e. browser app) against the Google Calendar v3 API. Until now I used a string parameter with the access_token to call the endpoints.
After I switched to header authentication I noticed that the browser needs two xhr requests to call an endpoint, where the first one is OPTIONS and the second the actual GET request. This is an expected behavior, right?
Of course, under certain conditions this slows down the user experience. Is it possible to have only one xhr (GET) request with header authentication?
No. When setting a custom header (in this case an auth header) a preflight request is triggered. (Specs, Blogpost by Remy Sharp)
If you want to save the extra roundtrip, call the endpoint with the access_token parameter.
If you still see an OPTION request, check if your js lib/framework sets a custom header. There was a (long gone) bug in jQuery for instance.
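
The preflight rule discussed in this thread, as an added example that is not part of the original question or answer: a simplified model of the Fetch standard's CORS-safelisted methods and headers that reports why a cross-origin request would be preceded by OPTIONS. The function name `preflightReasons`, the URL and the `TOKEN` value are assumptions made for illustration.

```javascript
// Simplified model of the Fetch standard's CORS preflight rules (added example).
// It ignores upload listeners, stream bodies, the Range header and value length limits.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns the list of reasons a cross-origin request would be preflighted.
// An empty list means the browser sends the request directly.
function preflightReasons(method, headers = {}) {
  const reasons = [];
  if (!SAFE_METHODS.has(method.toUpperCase())) {
    reasons.push(`method ${method.toUpperCase()}`);
  }
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (SAFE_HEADERS.has(lower)) continue;
    if (lower === "content-type") {
      // Only the three form-style media types are safelisted.
      const mediaType = String(value).split(";")[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(mediaType)) continue;
    }
    reasons.push(`header ${lower}`);
  }
  return reasons;
}

// Constructed sample requests; the URL and token are placeholders.
const base = "https://api.example.test/calendar/v3/events";
const samples = [
  { label: "token in query string", url: `${base}?access_token=TOKEN`, method: "GET", headers: {} },
  { label: "token in Authorization header", url: base, method: "GET", headers: { Authorization: "Bearer TOKEN" } },
  { label: "query token, library adds a header", url: `${base}?access_token=TOKEN`, method: "GET", headers: { "X-Requested-With": "XMLHttpRequest" } },
  { label: "JSON POST", url: base, method: "POST", headers: { "Content-Type": "application/json" } },
];

for (const s of samples) {
  const reasons = preflightReasons(s.method, s.headers);
  console.log(`${s.label}: ${reasons.length ? "OPTIONS first (" + reasons.join(", ") + ")" : "no preflight"}`);
}
```

The query-string form avoids the preflight but places the token in the URL, where it is recorded in browser history and server access logs.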