OPTIONS 405 (method not allowed) regardless of whether the server sends Access-Control-Allow-Methods: OPTIONS, GET, HEAD, POST

I am trying to make a cross-domain request and my server is configured to send the following headers:

    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Headers:x-requested-with, Authorization
    Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
    Access-Control-Allow-Origin:*

But when an OPTION request is made, I get an OPTIONS 405 (Method Not Allowed) error.

Any ideas what the problem is and how to fix it?

+7
3 answers

I would suggest two solutions:

1) If you use WebAPI, you need to implement an options method, which by convention should look like this:

    public class XXXController : ApiController
    {
        // OPTION http-verb handler
        public string OptionsXXX()
        {
            return null; // HTTP 200 response with empty body
        }

        // ...
    }

2) If you are not using WebAPI, try to figure out which part of the code is causing the OPTIONS 405 (Method Not Allowed) error for the OPTIONS call. In this case, I would check whether adding these <customHeaders/> to the Web.config file works:

    <configuration>
      <system.webServer>
        <httpProtocol>
          <customHeaders>
            <!-- CORS temporary solution -->
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
            <add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    </configuration>
+7

Your web server / application can be configured to send the specified response header for each HTTP GET request and POST request. But is your web server configured to handle HTTP OPTIONS Verb?

If you need more information, provide the web server and application programming technology that you use.

A little background: browsers send an OPTIONS request when you have a cross-domain request with some custom request headers. This request is executed before the actual request. The browser will only execute the actual request if that request returns with the response header that you mentioned.

// These OPTIONS requests are called preflight requests - usually dev tools do not track them on their network tab.

+6
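
An added example, not part of the original answers: a simplified JavaScript model of the checks a browser applies to a preflight response, run against the headers from the question. It shows that a 405 fails the preflight whatever Access-Control-* headers accompany it, and that a wildcard Access-Control-Allow-Origin is not accepted once the request carries credentials. The function name, object shapes and sample origin are assumptions for illustration.

```javascript
// Added example: simplified model of the checks a browser applies to a
// CORS preflight response. checkPreflight and the object shapes are
// hypothetical; the header values are the ones quoted in the question.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const parseList = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;

  // 1. The OPTIONS response must be 2xx. A 405 fails here, whatever
  //    Access-Control-* headers come with it.
  if (res.status < 200 || res.status > 299) {
    return { ok: false, reason: `preflight status ${res.status}` };
  }
  // 2. Origin. "*" only counts for requests sent without credentials.
  const allowOrigin = h['access-control-allow-origin'];
  if (req.credentials) {
    if (allowOrigin !== req.origin) return { ok: false, reason: 'origin not allowed with credentials' };
    if (h['access-control-allow-credentials'] !== 'true') return { ok: false, reason: 'credentials not allowed' };
  } else if (allowOrigin !== '*' && allowOrigin !== req.origin) {
    return { ok: false, reason: 'origin not allowed' };
  }
  // 3. Method. GET, HEAD and POST never need to be listed.
  const methods = parseList(h['access-control-allow-methods']);
  const methodOk = SAFELISTED_METHODS.includes(req.method) || methods.includes(req.method)
    || (!req.credentials && methods.includes('*'));
  if (!methodOk) return { ok: false, reason: `method ${req.method} not allowed` };
  // 4. Non-safelisted request headers, matched case-insensitively.
  const allowed = parseList(h['access-control-allow-headers']).map((s) => s.toLowerCase());
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    const wildcard = !req.credentials && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcard) return { ok: false, reason: `header ${name} not allowed` };
  }
  return { ok: true, reason: 'preflight passed' };
}

// Constructed request, checked against the response headers from the question.
const QUESTION_HEADERS = {
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Headers': 'x-requested-with, Authorization',
  'Access-Control-Allow-Methods': 'OPTIONS, GET, HEAD, POST',
  'Access-Control-Allow-Origin': '*',
};
const sampleRequest = { origin: 'https://app.example', method: 'POST', headers: ['Authorization'], credentials: false };
console.log(checkPreflight(sampleRequest, { status: 405, headers: QUESTION_HEADERS }));
console.log(checkPreflight(sampleRequest, { status: 200, headers: QUESTION_HEADERS }));
console.log(checkPreflight({ ...sampleRequest, credentials: true }, { status: 200, headers: QUESTION_HEADERS }));
```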

You will need to change the default OPTIONSVerbHandler. Using asp classic would mean adding the following lines to your Web.config file:

    <handlers>
      <remove name="OPTIONSVerbHandler" />
      <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
    </handlers>
+1
