A cross-origin HTTP request can be either simple or non-simple, which indicates whether the browser asks the target web service if the HTTP request is allowed before the request can occur.
Simple requests are cross-origin HTTP requests that do not require prior approval from the target web service before the request can be sent by the browser. An HTTP request must meet the following criteria to execute as a simple request:
Non-simple requests are cross-origin HTTP requests that must get approval from the target web service to send the actual HTTP request. The web browser sends a CORS preflight request to the target web service to ask for approval. The response to the CORS preflight request determines if the web browser can proceed to send the actual HTTP request. A cross-origin HTTP request executes as a non-simple request if it violates any of the criteria for a simple request.
CORS also enables you to create credentialed requests that may include HTTP cookies and HTTP Authentication headers or allow TLS client certificates. By default, browsers do not include credentials with a cross-origin HTTP request. However, you can use the Configure CORS node in a WebVI to include credentials with a cross-origin request. The Configure CORS node has no effect on same-origin HTTP requests.
LabVIEW Web Services are unable to respond to CORS preflight requests from a web browser. Due to this restriction, a web application running in a web browser that attempts to make a request to a LabVIEW Web Service is limited to making either simple cross-origin requests or making same-origin requests by hosting the web application as part of the target LabVIEW Web Service.