HTTP delete CORS issue using tokens


(David Dav) #1

Receiving Method DELETE is not allowed by Access-Control-Allow-Methods in preflight response. when trying to unlike a post. My PUT, POST, and GET calls are working via the discourse API using tokens. Anybody run into this?


(Sam Saffron) #2

Is this on latest, have a look at the full sequence in chrome dev tools, are we explicitly disallowing DELETE?


(Mittineague) #3

Looking in Network it doesn’t look that way.
I just Liked and then ninja unLiked your post.

Like

Request URL:https://meta.discourse.org/post_actions
Request Method:POST
Status Code:200 

unLike

Request URL:https://meta.discourse.org/post_actions/233725
Request Method:DELETE
Status Code:200 

(David Dav) #4

We are using the latest hosted version and authentication via token. We are accessing via API endpoints.

Request URL:https://example.com/post_actions/264?api_key=<key>&api_username=Testddd-dev-5369&post_action_type_id=2
Request Method:OPTIONS
Status Code:200 
Remote Address:55.55.55.55:443 <fake ip>
:authority:example.com
:method:OPTIONS
:path:/post_actions/264?api_key=<key>&api_username=Testddd-dev-5369&post_action_type_id=2
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, sdch, br
accept-language:en-US,en;q=0.8
access-control-request-headers:x-http-method-override
access-control-request-method:DELETE
dnt:1
origin:http://localhost:3000
referer:http://localhost:3000/thread-details/202
user-agent:Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1