Geek Answers Handbook

CORS Pre-Validation Request Returning HTTP 405

I am trying to create a RESTful web service and am stuck in implementing PUT requests. I tried and could not complete other answers on this site and various articles from Mozilla.

The request is created from the wwwtest.dev-box domain, and it is sent to test.dev-box (basically an external application that calls the background application). Here are the headers I grabbed from the Live HTTP headers:

 http://test.dev-box/resource/v1/data/user/1 OPTIONS /resource/v1/data/user/1 HTTP/1.1 Host: test.dev-box User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Origin: http://wwwtest.dev-box Access-Control-Request-Method: PUT Connection: keep-alive HTTP/1.1 405 Method Not Allowed Date: Wed, 16 Oct 2013 16:15:58 GMT Server: Apache/2.2.15 (Red Hat) x-powered-by: PHP/5.3.27 Access-Control-Allow-Origin: http://wwwtest.dev-box Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS Access-Control-Max-Age: 1728000 Content-Length: 0 Allow: PUT Cache-Control: no-cache Connection: close Content-Type: text/html; charset=UTF-8

I use the framework, so everything is redirected to web.php, which contains the following code at the top of the page (taken from this MDN article ):

 if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { header('Access-Control-Allow-Origin: http://wwwtest.dev-box'); header('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS'); header('Access-Control-Max-Age: 1728000'); header("Content-Length: 0"); header("Content-Type: text/plain"); } else { header("HTTP/1.1 403 Access Forbidden"); header("Content-Type: text/plain"); }

Before my code executes the PUT request, it will first send the OPTIONS request before the CORS request (as you can see from the above snapshot). The necessary headers should be attached to the response and inform the requestor that PUT is allowed. Unfortunately, as you can see from the response headers above, it still returns 405 Method Not Allowed, even if the PUT is in access-permission control methods.

This is the .htaccess file for your environment (Silex):

 <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ web.php [QSA,L] </IfModule>
+7
php cors silex
source share
2 answers

I found the answer as a cross between Apache configuration and framework.

  • To configure Apache, you can either put the following in your VirtualHost directive, or in the .htaccess file of the requested domain (if it doesn’t remember encapsulation with ifModule mod_headers.c tags in .htaccess). Setting headers on the page from which mod_rewrite is redirected does not work:

    Access-Control-Allow-Origin Header Set " http: //wwwtest.dev-box "

    Access-Control-Allow-Methods Header Set "GET, POST, HEAD, DELETE, PUT, OPTIONS"

  • To configure Silex, put the following into your routes: It basically sends HTTP 200 OK for any OPTIONS request it receives. Code found in the Silex Google Group :

    $ app-> match ("{url}", function ($ url) use ($ app) {return "OK";}) β†’ assert ('url', '. *') β†’ method ("OPTIONS");

Both steps must be completed for the RESTful application to function properly.

+12
source

405 refers to the actual preflight / OPTIONS request. Your server rejects the preflight post because OPTIONS requests are generally not accepted by your server. You will need to reconfigure your server to accept OPTIONS requests. Simply including code in a PHP file may not be enough. Most likely your web server / application server does not know this verb and rejects the request before it hits your PHP code.

+3
source

More articles:


All Articles