OPTIONS 405 (Method Not Allowed) regardless server sends Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
I'm trying to make cross-domain request and my server is configured to send the following headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, Authorization
Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
Access-Control-Allow-Origin:*
But when an OPTION request is made, I get OPTIONS 405 (Method Not Allowed) error.
Any Ideas what is the problem and how to fix it?
Answer
I would suggest 2 solutions:
1) If you are using WebAPI you need to implement the option method that by convention should look like:
public class XXXController : ApiController
{
// OPTION http-verb handler
public string OptionsXXX()
{
return null; // HTTP 200 response with empty body
}
...
}
2) If you are not using WebAPI try to understand which part of your code triggers the OPTIONS 405 (Method Not Allowed) error for the OPTION call. In that case I would check if trying to add to the Web.config file these <customHeaders/> that works:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<!-- CORS temporary solution -->
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
<add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>