I'm using superagent to execute a DELETE
call to my WebApi backend.
The pre-flight call says that the Access-Control-Allow-Methods
are *, GET, POST, PUT, DELETE, OPTIONS
. Using the method DELETE
works fine in Firefox and Chrome, but not Edge (maybe the same with IE?).
Im getting this error in my console:
SEC7124: Request method DELETE was not present in the Access-Control-Allow-Methods list.
The preflight call for it returns the same in dev-tools for Edge as for Chrome and Firefox. The server is running CORS.
IE Edge will also not accept multiple headers, ie.
Access-Control-Allow-Methods: POST
Access-Control-Allow-Methods: PUT
and you have to return a single
Access-Control-Allow-Methods: POST, PUT
Apparently Edge rejects *
as a value for Access-Control-Allow-Methods
, despite it being grammatically valid under the CORS and HTTP specifications. Note, however, that *
does not have semantic significance as a wildcard in Access-Control-Allow-Methods
. It literally refers to an HTTP method with the single-character name *
. Unless your server actually expects an HTTP method called *
, there is no reason to include this method name.
Remove the *
from the list to make your request work on Edge.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.