Reputation: 199
CORS Method PATCH is not show in Access-Control-Allow-Methods
I am working on an angular 9 app and use angular httpclient to send a patch require. But the require always failed due to preflight request not pass. I know I can add some setting about allow methods and I did, but still not work, seems my setting not work for angular httpclient. I have stuck in this issue long time, please give some advices about this issue. The server is Tomcat 7(7.0.106), rest api is jersery and here is part of setting in web.xml
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Authorization,Content-Type,X-Requested-With,Origin,Accept,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH</param-value>
</init-param>
</filter>
And here is the request detail in Chrome of angular httpclient (The failed one)
**General**
Request URL: http://localhost:8080/api/v1/user/testPatch
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: [::1]:8080
Referrer Policy: strict-origin-when-cross-origin
**Request Header**
...
Accept: */*
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: PATCH
Cache-Control: no-cache
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:4200
Pragma: no-cache
Referer: http://localhost:4200/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
...
**Response Header**
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,Origin,Accept,Access-Control-Request-Method,Access-Control-Request-Headers
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
Access-Control-Allow-Origin: http://localhost:4200
Allow: OPTIONS,PATCH
Content-Length: 803
Content-Type: application/vnd.sun.wadl+xml
Server: HTTP Server
...
As you can see, the PATCH method do do not in the "Access-Control-Allow-Methods", but I have already set it in web.xml, I have no idea what I am missing. BTW, I can call the same api successfully through Postman, and the "Access-Control-Allow-Methods" setting in response is total the same as what I set in web.xml
Upvotes: 0
Views: 4122
Answers (1)
Reputation: 199
Finally I find the issue, but first thanks @Andrei and @Paul Samsotha for your reply. The reason of this issue is I use a Chrome cors plugin and that plugin will overwirte the allow method for cors request and the default value of alllow method is not include "PATCH".
Upvotes: 10
Related Questions
- Dotnet core CORS - PATCH method is not being included in Access-Control-Allow-Methods
- JAX-RX - Blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response
- angular : Did not find method in CORS header ‘Access-Control-Allow-Methods
- Method PATCH is not allowed by Access-Control-Allow-Methods in preflight
- No 'Access-Control-Allow-Origin' header present in request
- Request header field Access-Control-Allow-Methods is not allowed by Access-Control-Allow-Headers in preflight response
- CORS Method PATCH is not allowed by Access-Control-Allow-Methods
- Tomcat 8: CORS filter doesn't work
- Enable CORS on Tomcat 8.0.30
- Where to enable cors?