If you would ‘just ask’ for a request that modifies data it is no use if the browser only checks afterwards if the request was allowed (like it does for simple GET requests). By then the data has already been modified and the harm is done. So there has to be something that makes the browser aware that domain X allows modifications to be made from domain Y before the modifying request is made and thus you need a preflight request. Or to put in another way: not all ‘asks’ are created equal.