Django/DRF - 405 Method not allowed on DELETE operation

django django-rest-framework django-cors-headers
haki picture haki · Nov 3, 2014 · Viewed 19.8k times · Source

I'm working with two dev servers on my local machine (node & django's).

I've added django-cors-headers to the project to allow all origins & methods (on dev) with the following settings : 

CORS_ORIGIN_ALLOW_ALL = 'ALL'
CORS_ALLOW_METHODS = (
        'GET',
        'POST',
        'PUT',
        'PATCH',
        'DELETE',
        'OPTIONS'
    )

I'm getting 405 when attempting DELETE. Looking at the response headers 

HTTP/1.0 405 METHOD NOT ALLOWED
Date: Mon, 03 Nov 2014 10:04:43 GMT
Server: WSGIServer/0.1 Python/2.7.5
Vary: Cookie
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: *
Allow: GET, POST, HEAD, OPTIONS

Notice that DELETE & PATCH / PUT are not present in the allowed methods list.

Is there something missing from my configuration ?

Answer

Kevin Brown picture Kevin Brown · Nov 3, 2014

The response looks very similar to that of the list view (/api/resource/) for a ViewSet. List views only support GET, to list all of the objects, and POST to create a new object.

DELETE requests are only allowed on the detail view (/api/resource/1/). This is because Django REST Framework needs to know what object you are looking to delete, and this information cannot be retrieved from just the list view.

Related questions

Django Python rest framework, No 'Access-Control-Allow-Origin' header is present on the requested resource in chrome, works in firefox

I have researched and read quite a few Stackoverflow posts on the same issue. None have resolved my issue. My problem is that I am getting the "...No 'Access-Control-Allow-Origin' header is present on the requested resource..." error in my console. …

Read More
AngularJS + Django Rest Framework + CORS ( CSRF Cookie not showing up in client )

I am developing a 1-page application in AngularJS using and Django Rest Framework + Django CORS Headers. My problem is that the "csrftoken" cookie never shows up in my browser when I have contacted the backend. For example: I am doing …

Read More
'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

I am working on project using Django and React using Rest Framework. I have set CORS_ALLOW_ALL_ORIGINS=True in settings.py still i am getting error Access to XMLHttpRequest at 'http://127.0.0.1:8000/api/encrypt/' from origin 'http://localhost:3000…

Read More