krojew krojew - 4 months ago 25
Ajax Question

Firefox ignoring CORS method

I'm implementing a web service with CORS support. Everything works fine, except when I issue a DELETE request. Firefox sends the following preflight:

OPTIONS /node-configuration?sessionId=cee013ce-53e6-11e6-8929-7efd7b6db237&address=127.0.0.1&port=8043 HTTP/1.1
Host: 127.0.0.1:8032
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: DELETE
Origin: XXX
Connection: keep-alive


And the server responds with:

HTTP/1.1 200 OK
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: XXX
Access-Control-Allow-Method: POST, GET, DELETE, OPTIONS


As you can see, DELETE is in the Access-Control-Allow-Method header. But when I send the request:

DELETE /node-configuration?sessionId=cee013ce-53e6-11e6-8929-7efd7b6db237&address=127.0.0.1&port=8043
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Host: 127.0.0.1:8032
Origin: XXX
Referer: XXX
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0


Firefox blocks it: method not found in CORS „Access-Control-Allow-Methods”

Am I missing something?

Answer

The header is called Access-Control-Allow-Methods, you missed out the s on the end in the response header.