Reputation: 15807
OPTIONS 405 (Method Not Allowed) regardless server sends Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
I'm trying to make cross-domain request and my server is configured to send the following headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, Authorization
Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
Access-Control-Allow-Origin:*
But when an OPTION request is made, I get OPTIONS 405 (Method Not Allowed) error.
Any Ideas what is the problem and how to fix it?
Upvotes: 12
Views: 64718
Answers (3)
Reputation: 2410
You would need to modify default OPTIONSVerbHandler. If using asp classic, that would mean adding following lines to your Web.config file:
<handlers>
<remove name="OPTIONSVerbHandler" />
<add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
</handlers>
Upvotes: 1
Reputation: 1456
Your web server / application may been configured to send the mentioned response header for every HTTP GET verb and POST verb requests. But is your web server configured to handle HTTP OPTIONS Verb?
If you need more details, please provide the webserver and application programming technology you are using.
A little background, Browsers send an OPTIONS Request when you have a cross domain request with some custom request headers. This request is made before the actual request. The browser will make the actual request only if this request comes back with the response header you have mentioned.
// These OPTIONS request are called preflight requests -- generally browsers dev tools dont track them in their network tab.f
Upvotes: 7
Reputation: 8103
I would suggest 2 solutions:
1) If you are using WebAPI you need to implement the option method that by convention should look like:
public class XXXController : ApiController
{
// OPTION http-verb handler
public string OptionsXXX()
{
return null; // HTTP 200 response with empty body
}
...
}
2) If you are not using WebAPI try to understand which part of your code triggers the OPTIONS 405 (Method Not Allowed) error for the OPTION call. In that case I would check if trying to add to the Web.config file these <customHeaders/> that works:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<!-- CORS temporary solution -->
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
<add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Upvotes: 9
Related Questions
- HTTP 405 method not allowed, seems to be a CORS issue
- Origin is not allowed by Access-Control-Allow-Origin
- server responds with 405 error even with 'Access-Control-Allow-Origin': '*'?
- Access-Control-Allow-Methods doesn't seem to be working
- CORS POST request not working. No 'Access-Control-Allow-Origin' header is present on the requested resource. What is wrong?
- CORS with Sencha Touch 2
- Ajax 405 (Method Not Allowed) Cross Domain Issue
- Access-Control-Request-Header: - x-requested-with
- Cross-domain requests does not work using Sencha Touch 2
- Sencha Touch Ajax Request Error: Origin null is not allowed by Access-Control-Allow-Origin.