Unlike simple requests (discussed above), "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a request is preflighted if:
GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.X-PINGOTHER)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://91.213.30.153/url?sa=t&rct=j&q=Preflight+Request+server&source=web&cd=1&ved=0CBsQFjAA&url=%68%74%74%70%3a%2f%2f%77%77%77%2e%68%74%6d%6c%35%72%6f%63%6b%73%2e%63%6f%6d%2f%65%6e%2f%74%75%74%6f%72%69%61%6c%73%2f%63%6f%72%73%2f&ei=LysyVczBGKbC7gbQyoGIDw&usg=AFQjCNEqGW6hrCKA6tJWxPT0-r66XZGgeQ&bvm=bv.91071109,d.bGg&cad=rjt
https://spring.io/understanding/CORS
原文:http://www.cnblogs.com/aloha/p/4437789.html