Return 204 is pure convention, it means a successful response without any content (body).
The OPTIONS
request itself is a "special" request made by the browser when you request resources from another domain ( cross-domain ). It serves to check if you are able to make this request to another domain.
It sends the headers Access-Control-Request-Method
, Access-Control-Request-Headers
and Origin
.
If the server accepts the request, the browser will receive a response containing the headers (prefixed with
Access-Control-*
) that define what is available for the given endpoint .
The name of this is preflight request .
You can see more details on MDN .
In your example, a request with the header Access-Control-Request-Headers
is set to Authorization
and Access-Control-Request-Method
set to GET
.
The server responded by saying that it is all right (204) and that you can send the header Authorization
that it will be accepted and interpreted, in addition, there is the header Access-Control-Allow-Origin
which defines this endpoint can be called from any source.