I've set up a REST API on a django and requesting things via JavaScript AJAX with CORS enabled. It works fine until I try to use a PUT request. Because django cannot handle PUT, I am using django-piston's coerce_put_post method. The problem is, that the PUT request is handled successfully but the OPTIONS request fails with 405 METHOD NOT ALLOWED.

This is the Network log of the failing request.

• Request URL : http://localhost
• Request Method : OPTIONS
• Status Code : 405 METHOD NOT ALLOWED

Request Headers

• Accept : /
• Accept-Encoding : gzip,deflate,sdch
• Accept-Language : de,en-US;q=0.8,en;q=0.6
• Access-Control-Request-Headers : accept, origin, content-type
• Access-Control-Request-Method : PUT
• Cache-Control : no-cache
• Connection : keep-alive
• Host : foo
• Origin : http://localhost
• Pragma : no-cache
• Referer : http://localhost/bar
• User-Agent : Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36

Response Headers

• Access-Control-Allow-Credentials : true
• Access-Control-Allow-Headers : Content-Type, Pragma, Cache-Control
• Access-Control-Allow-Methods : POST,GET,OPTIONS,PUT,DELETE
• Access-Control-Allow-Origin : http://localhost
• Allow : post,get,options,put,delete
• Content-Type : text/html; charset=utf-8
• Date : Fri, 09 Aug 2013 09:39:41 GMT
• Server : WSGIServer/0.1 Python/2.7.4

As you can see, the OPTIONS is actually allowed in the CORS headers.

So why does it still fail?