Access-Control-Allow-Methods and Microsoft Edge, works with Firefox and Chrome
Question
I'm using superagent to execute a DELETE call to my WebApi backend.
The pre-flight call says that the Access-Control-Allow-Methods are *, GET, POST, PUT, DELETE, OPTIONS . Using the method DELETE works fine in Firefox and Chrome, but not Edge (maybe the same with IE?).
Im getting this error in my console:
SEC7124: Request method DELETE was not present in the Access-Control-Allow-Methods list.
The preflight call for it returns the same in dev-tools for Edge as for Chrome and Firefox. The server is running CORS.
2 answers
solution1
3 2016-06-30 11:15:54
IE Edge will also not accept multiple headers, ie.
Access-Control-Allow-Methods: POST
Access-Control-Allow-Methods: PUT
and you have to return a single
Access-Control-Allow-Methods: POST, PUT
solution2
1 ACCPTED 2016-06-02 17:26:34
Apparently Edge rejects * as a value for Access-Control-Allow-Methods , despite it being grammatically valid under the CORS and HTTP specifications. Note, however, that * does not have semantic significance as a wildcard in Access-Control-Allow-Methods . It literally refers to an HTTP method with the single-character name * . Unless your server actually expects an HTTP method called * , there is no reason to include this method name.
Remove the * from the list to make your request work on Edge.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.