Blog

Multipart file uploads and CORS: when preflight doubles your round trips

Large uploads with custom headers trigger OPTIONS first; tune chunk sizes and avoid unnecessary Authorization on preflight.

Published: 2025-06-06Updated: 2025-06-101 min read

uploadcorspreflight

Header minimalism

Every non-simple header on the upload request can force preflight; audit X- headers added by SDKs.

If you control the CDN, configure CORS at the bucket edge and match allowed methods with your client SDK.

413 and CORS errors together often indicate size limits at a different layer than your application server.

Log request IDs across gateway, storage, and app to pinpoint which hop strips CORS on errors.