OPTIONS 405 (Method Not Allowed) regardless server

Posted 2019-03-19 04:00

Question:

I'm trying to make a cross-domain request and my server is configured to send the following headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, Authorization
Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
Access-Control-Allow-Origin:*

But when an OPTIONS request is made, I get an OPTIONS 405 (Method Not Allowed) error.

Any ideas what the problem is and how to fix it?

Answer 1:

I would suggest 2 solutions:

1) If you are using WebAPI, you need to implement the OPTIONS method, which by convention should look like:

public class XXXController : ApiController
{
    // OPTION http-verb handler
    public string OptionsXXX()
    {
        return null; // HTTP 200 response with empty body
    }

    ...
}

2) If you are not using WebAPI, try to understand which part of your code triggers the OPTIONS 405 (Method Not Allowed) error for the OPTIONS call. In that case I would check whether adding these <customHeaders/> to the Web.config file works:

<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- CORS temporary solution -->
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
        <add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>


Answer 2:

Your web server / application may have been configured to send the mentioned response headers for every HTTP GET and POST request. But is your web server configured to handle the HTTP OPTIONS verb?

If you need more details, please provide the webserver and application programming technology you are using.

A little background: browsers send an OPTIONS request when you have a cross-domain request with some custom request headers. This request is made before the actual request. The browser will make the actual request only if this request comes back with the response headers you have mentioned.

// These OPTIONS requests are called preflight requests -- generally browsers' dev tools don't track them in their network tab.
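
The preflight behaviour discussed in the answers above, as an added example that is not part of the original question or answers: a simplified JavaScript model of the checks a browser applies to the OPTIONS response, following the Fetch standard. The function name, object shapes and the `https://app.example` origin are assumptions for illustration; it shows that a 405 fails the preflight regardless of the headers, and that once the status is fixed, `Access-Control-Allow-Origin: *` is still rejected for a credentialed request.

```javascript
// Simplified model of a browser's CORS preflight checks (after the Fetch standard).
// Names and shapes are illustrative assumptions; the sample data is constructed.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
const parseList = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// req: { origin, method, headers: [non-safelisted header names], credentials: bool }
// res: { status, headers: { "lower-case-name": value } }
function checkPreflight(req, res) {
  // 1. The OPTIONS response must have an ok status; a 405 stops here, whatever
  //    Access-Control-* headers come with it.
  if (res.status < 200 || res.status > 299) return `preflight status ${res.status}`;

  // 2. Origin and credentials. "*" is never accepted for a credentialed request.
  const allowOrigin = res.headers["access-control-allow-origin"];
  if (!allowOrigin) return "missing Access-Control-Allow-Origin";
  if (req.credentials) {
    if (allowOrigin === "*") return "wildcard origin with credentials";
    if (allowOrigin !== req.origin) return "origin mismatch";
    if (res.headers["access-control-allow-credentials"] !== "true") return "credentials not allowed";
  } else if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    return "origin mismatch";
  }

  // 3. Method (case-sensitive). GET, HEAD and POST need no listing.
  const methods = parseList(res.headers["access-control-allow-methods"]);
  const listed = methods.includes(req.method) || (!req.credentials && methods.includes("*"));
  if (!SAFELISTED_METHODS.includes(req.method) && !listed) return `method ${req.method} not allowed`;

  // 4. Request headers (case-insensitive). "*" never covers Authorization.
  const allowed = parseList(res.headers["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    const viaWildcard = !req.credentials && name !== "authorization" && allowed.includes("*");
    if (!allowed.includes(name) && !viaWildcard) return `header ${name} not allowed`;
  }
  return "ok";
}

// Constructed sample: the response headers from the question and a credentialed request.
const questionHeaders = {
  "access-control-allow-credentials": "true",
  "access-control-allow-headers": "x-requested-with, Authorization",
  "access-control-allow-methods": "OPTIONS, GET, HEAD, POST",
  "access-control-allow-origin": "*",
};
const sampleRequest = { origin: "https://app.example", method: "POST", headers: ["Authorization"], credentials: true };

console.log(checkPreflight(sampleRequest, { status: 405, headers: questionHeaders }));
console.log(checkPreflight(sampleRequest, { status: 200, headers: questionHeaders }));
```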



Answer 3:

You would need to modify the default OPTIONSVerbHandler. If using ASP classic, that would mean adding the following lines to your Web.config file:

    <handlers>
        <remove name="OPTIONSVerbHandler" />
        <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
    </handlers>