OPTIONS 405 (Method Not Allowed) regardless server sends Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST

后端 未结 3 829
太阳男子
太阳男子 2021-02-06 01:34

I\'m trying to make cross-domain request and my server is configured to send the following headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-He         


        
相关标签:
3条回答
  • 2021-02-06 01:58

    I would suggest 2 solutions:

    1) If you are using WebAPI you need to implement the option method that by convention should look like:

    public class XXXController : ApiController
    {
        // OPTION http-verb handler
        public string OptionsXXX()
        {
            return null; // HTTP 200 response with empty body
        }
    
        ...
    }
    

    2) If you are not using WebAPI try to understand which part of your code triggers the OPTIONS 405 (Method Not Allowed) error for the OPTION call. In that case I would check if trying to add to the Web.config file these <customHeaders/> that works:

    <configuration>
      <system.webServer>
        <httpProtocol>
          <customHeaders>
            <!-- CORS temporary solution -->
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
            <add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    </configuration>
    
    0 讨论(0)
  • 2021-02-06 01:58

    Your web server / application may been configured to send the mentioned response header for every HTTP GET verb and POST verb requests. But is your web server configured to handle HTTP OPTIONS Verb?

    If you need more details, please provide the webserver and application programming technology you are using.

    A little background, Browsers send an OPTIONS Request when you have a cross domain request with some custom request headers. This request is made before the actual request. The browser will make the actual request only if this request comes back with the response header you have mentioned.

    // These OPTIONS request are called preflight requests -- generally browsers dev tools dont track them in their network tab.f

    0 讨论(0)
  • 2021-02-06 02:19

    You would need to modify default OPTIONSVerbHandler. If using asp classic, that would mean adding following lines to your Web.config file:

        <handlers>
            <remove name="OPTIONSVerbHandler" />
            <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS" modules="IsapiModule" scriptProcessor="C:\Windows\System32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="None" />
        </handlers>
    
    0 讨论(0)
提交回复
热议问题