How to use Access-Control-Allow-Methods in header
Question
When I set header('Access-Control-Allow-Methods: GET'); in my PHP header, I expect that I can't Post something to that file. But it isn`t like this. My firefox-browser shows the header in the console but do not act in any case. I expected an behavior like on Access-Control-Allow-Origin where the access will be denied.
var requestConfig = {
url: "http://xyz.de/test7.php?",
method: "POST",
data: data
};
$.ajax(requestConfig)
This will be executed without any error.
Is Access-Control-Allow-Methods not supported or do I something wrong?
1 answers
solution1
0 2016-03-01 14:45:47
What I understand from what I've read on MDN is that, this header is for preflighted request. The browser will make an OPTION request to check what are the actual Methods accepted by the server and then do the request if it is an accepted method.
So you should send this header on the preflight OPTION request, not the actual GET request.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.