dtechlearn

Reputation: 362

ajax DELETE method not allowed

I am trying to delete a user with the SCIM service.

When I call it through SoapUI and curl it works, but when I make an ajax call it returns 405 Method Not Allowed.

SOAPUI5

IP: https://localhost:9447//wso2/scim/Users/token_of_user_to_be_deleted

OAUTH2 token: my_token_for_oauth

Media type: application/json

CURL

curl -v -k --user admin:admin -X DELETE https://localhost:9447/wso2/scim/Users/b228b59d-db19-4064-b637-d33c31209fae -H "Accept: application/json"

These both worked and deleted the user.

AJAX DOESN'T WORK FOR ME

$.ajax({
    url: 'https://localhost:9447/wso2/scim/Users/token_of_user_to_be_deleted',
    type: 'DELETE',
    headers: { 'Content-Type': 'application/json' },
    // Send cookies/credentials with the cross-origin request
    xhrFields: {
        withCredentials: true
    },
    // Attach the OAuth2 bearer token before the request is sent
    beforeSend: function (request) {
        request.setRequestHeader('Authorization', 'Bearer ' + that.oauth2.loadToken().access_token);
    },
    success: function () {
        console.log("success");
    },
    error: function () {
        console.log("error");
    }
});

ERROR: Cross-Origin Resource Sharing (CORS) Filter: Unsupported HTTP method: DELETE

Upvotes: 1

Views: 3546

Answers (1)

Bamieh

Reputation: 10916

The browser does send an OPTIONS request before sending the actual request. This request includes the accepted methods:

Access-Control-Allow-Methods: GET, OPTIONS

Your server does not send a DELETE accepted method in the options response, hence your request throws this error.

To solve this issue, you need to add DELETE to the methods accepted by your server, in your server settings:

Access-Control-Allow-Methods: POST, GET, DELETE, OPTIONS

The OPTIONS request is only sent by the browser, since it is only implemented by browsers as a security measure. curl / node / SOAPUI5 do not conform to this restriction, hence they enable you to get what you want (unless the server is configured otherwise internally to prevent some headers).

Update

As @jannis mentioned, it's worth noting that the OPTIONS request preceding the actual one is called a preflight request and the mechanism in general is called CORS.

You can read more about preflight requests (and CORS in general) by following these links:

Upvotes: 4
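
An added example, not part of the original question or answer: a simplified model of the preflight check the browser applies to the question's credentialed DELETE call, showing that the `Authorization` and `Content-Type: application/json` headers and `withCredentials` also have to be allowed, not only the method. The page origin `https://app.example`, the function names and the sample response headers are assumptions made up for the illustration.

```javascript
// Simplified model of the CORS preflight check a browser performs (after the Fetch spec).
// Function names and all sample values are constructed for illustration.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language'];
const SAFE_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];
const csv = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

// Request headers that force a preflight: Content-Type only when its value is not one of
// the three safelisted types; any other non-safelisted name (e.g. Authorization) always.
function nonSafelistedHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === 'content-type') return !SAFE_TYPES.includes(value.split(';')[0].trim().toLowerCase());
    return !SAFE_HEADERS.includes(n);
  }).map(([name]) => name.toLowerCase());
}

// Returns the reasons the browser would block the request (empty array = allowed).
function preflightProblems(req, res) {
  const problems = [];
  const extra = nonSafelistedHeaders(req.headers);
  if (SAFE_METHODS.includes(req.method) && extra.length === 0) return problems; // no preflight
  const wildcardOk = !req.withCredentials; // "*" is not a wildcard on credentialed requests
  const origin = res['access-control-allow-origin'];
  if (!(origin === req.origin || (origin === '*' && wildcardOk))) problems.push('origin');
  if (req.withCredentials && res['access-control-allow-credentials'] !== 'true') problems.push('credentials');
  const methods = csv(res['access-control-allow-methods']);
  const methodOk = SAFE_METHODS.includes(req.method) || methods.includes(req.method) ||
    (methods.includes('*') && wildcardOk);
  if (!methodOk) problems.push('method ' + req.method);
  const allowed = csv(res['access-control-allow-headers']).map((s) => s.toLowerCase());
  for (const h of extra) {
    // Authorization must be listed by name; "*" never covers it.
    const viaWildcard = allowed.includes('*') && wildcardOk && h !== 'authorization';
    if (!allowed.includes(h) && !viaWildcard) problems.push('header ' + h);
  }
  return problems;
}

// Constructed sample: the question's DELETE call from a hypothetical page origin.
const sampleRequest = { origin: 'https://app.example', method: 'DELETE', withCredentials: true,
  headers: { 'Content-Type': 'application/json', Authorization: 'Bearer <token>' } };
const responseBefore = { 'access-control-allow-origin': 'https://app.example',
  'access-control-allow-methods': 'GET, OPTIONS' };
const responseAfter = { ...responseBefore, 'access-control-allow-credentials': 'true',
  'access-control-allow-methods': 'POST, GET, DELETE, OPTIONS',
  'access-control-allow-headers': 'authorization, content-type' };
console.log(preflightProblems(sampleRequest, responseBefore));
console.log(preflightProblems(sampleRequest, responseAfter));
```

Keep the allowed origin an explicit value when credentials are sent: a `*` origin fails the check for credentialed requests.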
