HTTP post calls always have OPTIONS calls preceding them

We’re using HTTP Post for most operations. When looking in the Chrome Debugger Tab we see that every POST call is preceded with an OPTIONS call.

My guess is that the call to options is a byproduct of using JsonServiceClient(), but I don’t know where.

        let client = new JsonServiceClient(url);
        client.headers.append (this.ServiceStackApiKeyName, this.ServiceStackApiKey);
        client.credentials = "omit";
        let response = await;

Any suggestions?

The Preflight OPTION requests are sent by all browsers.

Thanks. Im trying to limit the number of options calls by using

client.headers.append (‘Access-Control-Max-Age’, ‘500’);

on the client side. But the first call always generates an error.

Any ideas?

A generic error isn’t useful, you’d need to investigate to identify what the error is from inspecting the raw HTTP Request/Response Headers.

The moment i add

client.headers.append ('Access-Control-Max-Age', '500');

I get:

Access to fetch at ‘http://localhost:5172/venue/json/reply/ListDevices’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: Request header field access-control-max-age is not allowed by Access-Control-Allow-Headers in preflight response.

The error response suggests you’ve not included the Access-Control-Max-Age HTTP Header in the list of allowedHeaders in your CorsFeature configuration.

Thanks. After adding that to the server side i no longer get that error.

But the calls to OPTIONS call still happens every time. But a co-worker ran the same code on a Mac and did NOT see the same behavior. So our TypeScript and ServiceStack implementation are not suspect currently.

Question: We dispose of the JsonServiceClient after every REST call. Will that stop the aching algorithm from working, or is the caching managed below by the browser?

Also, im still very interested in that back-end management panel powered by ServiceStack. The Nebular guys have 1/2 of the implementation but its not complete. I know you would do a much better job.

Regardless, thanks for all of your help. Stay safe.


The behavior is determined by browsers, the JsonServiceClient just uses the W3C standard fetch API for making Ajax calls. No physical connection management is not going to affect its CORS behavior.

Not sure what this is referring to, is this in continuation to a previous topic? Where’s their 1/2 implementation?

This is the post where i suggested it.

This is the nebular library

No support for creating accounts or groups of accounts.
Nebular more focused on making a pretty UI and not actually managing users, groups and capabilities.

In the past you said it was on your future list.

Im sure your very busy building servicestack, but just wanted to mention it.


The problem was an old version of chrome that had a known issue with options.

1 Like