OPTIONS 405 (Method Not Allowed) regardless server sends Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST

Question

I\'m trying to make cross-domain request and my server is configured to send the following headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-He         


        

Answer 1

Your web server / application may been configured to send the mentioned response header for every HTTP GET verb and POST verb requests. But is your web server configured to handle HTTP OPTIONS Verb?

If you need more details, please provide the webserver and application programming technology you are using.

A little background, Browsers send an OPTIONS Request when you have a cross domain request with some custom request headers. This request is made before the actual request. The browser will make the actual request only if this request comes back with the response header you have mentioned.

// These OPTIONS request are called preflight requests -- generally browsers dev tools dont track them in their network tab.f