Angular respects the behavioral specification in case of HTTP request of resources between sources ( CORS , or Cross-Origin Resource Sharing).
One of these specifications determines the need for an initial request ( preflight ) which informs the availability, or not, of resources: This is the OPTIONS request.
A typical return of an OPTIONS request looks like this:
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 01:15:39 GMT
Server: Apache/2.0.61 (Unix)
Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER, Content-Type
Access-Control-Max-Age: 86400
Vary: Accept-Encoding, Origin
Content-Encoding: gzip
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/plain
The Access-Control-Allow-Origin
header indicates one or more accepted source domains.
The Access-Control-Allow-Methods
header informs the possible verbs. In the example above you can not use PATCH and DELETE, for example.
A list of acceptable headers can be indicated via Access-Control-Allow-Headers
.