CODEWITHSUNDEEP
corsrestify
Geuis
Geuis

Reputation: 42267

405 Method Not Allowed using DELETE with Restify and CORS

This is principally for developing the service locally.

I'm getting a 405 method not allowed with a DELETE request using Restify and CORS. I think I must be overlooking something. Would really appreciate some fresh eyes to point out what I'm doing wrong.

I do know about restify-cors-middleware but am not using it because its not documented well and I haven't been able to configure it correctly.

Instead, I've implemented my own CORS configuration for Restify. It works for GET and POST, but not for DELETE.

// allows localhost to work
if (process.env.DEV === 'true') {
  app.pre((req, res, next) => {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Headers', 'Accept, Authorization, Content-Type, Content-Disposition, Origin, X-Requested-With');
    res.header('Access-Control-Allow-Credentials', 'true');
    res.header('Access-Control-Allow-Methods', 'DELETE, GET, POST, OPTIONS, PUT');
    res.header('access-control-max-age', 86400);

    return next();
  });

  app.opts('/.*/', (req, res, next) => {
    res.send(200);
    return next();
  });
}

Options preflight:

Request 

URL: http://localhost:8000/f388798f20e0d496023812a05109ea5276d2eb3d41f8eb5b58c9d43da9b7a001-leWWTe
Request Method:OPTIONS
Status Code:200 OK
Remote Address:[::1]:8000
Referrer Policy:no-referrer-when-downgrade

Response headers

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Disposition, Origin, X-Requested-With
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: DELETE, GET, POST, OPTIONS, PUT
access-control-max-age: 86400
Date: Tue, 10 Oct 2017 01:04:57 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Request headers

OPTIONS /f388798f20e0d496023812a05109ea5276d2eb3d41f8eb5b58c9d43da9b7a001-leWWTe HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: DELETE
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Access-Control-Request-Headers: authorization
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

DELETE request:

Request

URL: http://localhost:8000/f388798f20e0d496023812a05109ea5276d2eb3d41f8eb5b58c9d43da9b7a001-leWWTe
Request Method:DELETE
Status Code:405 Method Not Allowed
Remote Address:[::1]:8000
Referrer Policy:no-referrer-when-downgrade

Response headers

HTTP/1.1 405 Method Not Allowed
Server: Planet Timelapse
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Authorization, Content-Type, Content-Disposition, Origin, X-Requested-With
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: DELETE, GET, POST, OPTIONS, PUT
access-control-max-age: 86400
Allow: OPTIONS
Content-Type: application/json
Content-Length: 61
Date: Tue, 10 Oct 2017 01:04:57 GMT
Connection: keep-alive

Request Headers

DELETE /f388798f20e0d496023812a05109ea5276d2eb3d41f8eb5b58c9d43da9b7a001-leWWTe HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
accept: application/json
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8

Upvotes: 2

Views: 1618

Answers (1)

Braden Ellis
Braden Ellis

Reputation: 46

It appears as though you haven't registered a handler for your DELETE method. The response shows this:

Allow: OPTIONS

Perhaps you haven't wired up the handler correctly?

Upvotes: 3

Related Questions