2

I am facing the frequent 405 problem when launching a POST request from my localhost:8080 to an external API. I've tried to use many different options but I don´t get the key of the problem. 

URL = api end point; //Your URL var datajson = '{' +'"image" : "'+imageBase64+'"' +'}'; var req = new XMLHttpRequest(); var body = JSON.parse(datajson) if ('withCredentials' in req) { req.open('POST', URL, true); req.setRequestHeader('Content-Type', 'application/json'); req.onreadystatechange = handleResponse(req); req.send(body); }

The error I get in browser is:

OPTIONS http://blablabla 405 (Method Not Allowed)
sendToBioFace @ myjavascript.js:38
send @ myjavascript.js:56
onclick @ (index):13
(index):1 Failed to load http://blablabla: Response for preflight has invalid HTTP status code 405

Find below the Headers:

Request URL:http://blablabla.com Request Method:OPTIONS Status Code:405 Method Not Allowed Remote Address: destinationip:16111 Referrer Policy:no-referrer-when-downgrade Response Headers Access-Control-Allow-Headers:X-Requested-With,Content-Type Access-Control-Allow-Origin:* Access-Control-Request-Method:POST,GET,PUT,DELETE,OPTIONS Allow:POST Content-Length:1569 Content-Type:text/html; charset=UTF-8 Date:Sun, 28 Jan 2018 19:13:42 GMT Server:Microsoft-HTTPAPI/2.0 Request Headers Accept:*/* Accept-Encoding:gzip, deflate Accept-Language:es-ES,es;q=0.9,en;q=0.8 Access-Control-Request-Headers:content-type Access-Control-Request-Method:POST Cache-Control:no-cache Connection:keep-alive Host: destinationip:16111 Origin:http://localhost:8080 Pragma:no-cache User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
Improve this question
5
  • I do not see "method" in your request headers? Commented Jan 28, 2018 at 19:40
  • 1
    It's a problem on the remote blablabla side. Contact their support team and check their documentation to ensure you're following it right. Commented Jan 28, 2018 at 19:58
  • 1
    Whenever you send CORS requests to the remote API with a payload, the browser will send an OPTIONS request, which has to return status 200 and the three header values Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method. The browser will then check your CORS request against these values and only send it if the values and your request match. Obviously, the remote API does not allow OPTIONS requests, so you cannot call their JSON endpoints from your domains. Without knowing which remote API you are using, we cannot give you any more advice than that. Commented Jan 28, 2018 at 21:24
  • Doing a request either from Postman or a python script... it works. Commented Jan 29, 2018 at 1:33
  • @JorgeGarciaDominguez that's because CORS is designed for browsers. Postman and your python script do not and should not respect it. Commented Jan 29, 2018 at 3:34

1 Answer 1

Reset to default
-1

You are trying to send cross domain request but the headers that you sent doesn't include OPTIONS.

You should add OPTIONS request header to your outgoing requests.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Could you elaborate (with exact examples of headers and references to the specs/docs)? At this moment the whole answer does not make much sense.
There are 2 headers that you have to specify for a request like this. 1. Access-Control-Allow-Origin: * 2. Access-Control-Allow-Headers :Origin, X-Requested-With, Content-Type, Accept
Any chance you provide the exact values and a reference to the spec? I'm not aware of anything special, CORS worked just like that without any problems.
And they ARE in the response. You do not put it in the request.
Please apologize me, but I don´t understand your suggestion. Should I set any request header? Should I provide more information?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.