This HTTP Error is sent back in the response by a web service following to an HTTP Ajax Request. This is a CORS (Cross Origin Resource Sharing) error, because it's originated by the different domains of the web Referer (the Requesting URL) and the Web Service (the Requested URL).
Frequently this error looks like this:
Step by step how to fix the CORS Error 'Method DELETE is not allowed by Access-Control-Allow-Methods'
The internet web tool that we're using in this tutorial is the Chrome's Developer Tool (F12).
Normally, in the case of an status 200 (OK) response, we would have the following HTTP Headers at the "Network" tab, meaning that the HTTP request has been accepted:
As you notice , both URLs ( requested- requesting URLs) belong to the same Domain ("http://localhost:XXXX/"):
No problem here.
However, in our case, we probably got some Error like the following:
If you open the Headers tab, and take a look at the URLs of both Referer and web service, you'll notice the following:
You can note that they are different domains: we have a CORS (Cross Origin Resources Sharing) problem here. The browser has sent an HTTP OPTIONS request to the service, asking it whether it will accept an HTTP DELETE request, by using the Access-Control-Request-Method header.
Now here at the Response Headers, we see that the Access-Control-Request-Method header do not include the HTTP DELETE method, which is therefore not allowed:
Usually, CORS problems are issued because the Access-Control-Request-Origin do not accept Ajax requests from Domains other than its own domain.
Here the CORS problem is about the HTTP Method being used.
To fix it, you must be allowed access to the Web Service's web.config file , where the "httpProtocols" are located:
Once there, first check that the allowed origins are all domains ( "*" ).
Next, add to the Access-Control-Request-Method the one you need: HTTP DELETE in our case:
Save the web.config file, and send the Request again:
This time, the HTTP OPTIONS returns an status 200 (OK), informing to your browser that the "DELETE" request is indeed allowed:
Now is up to the browser to send the HTTP DELETE request, and this time, the response get status 200 (OK) :
Happy programming.....
by Carmel Schvartzman
Normally, in the case of an status 200 (OK) response, we would have the following HTTP Headers at the "Network" tab, meaning that the HTTP request has been accepted:
No problem here.
However, in our case, we probably got some Error like the following:
If you open the Headers tab, and take a look at the URLs of both Referer and web service, you'll notice the following:
You can note that they are different domains: we have a CORS (Cross Origin Resources Sharing) problem here. The browser has sent an HTTP OPTIONS request to the service, asking it whether it will accept an HTTP DELETE request, by using the Access-Control-Request-Method header.
Now here at the Response Headers, we see that the Access-Control-Request-Method header do not include the HTTP DELETE method, which is therefore not allowed:
Usually, CORS problems are issued because the Access-Control-Request-Origin do not accept Ajax requests from Domains other than its own domain.
Here the CORS problem is about the HTTP Method being used.
To fix it, you must be allowed access to the Web Service's web.config file , where the "httpProtocols" are located:
Once there, first check that the allowed origins are all domains ( "*" ).
Next, add to the Access-Control-Request-Method the one you need: HTTP DELETE in our case:
Save the web.config file, and send the Request again:
This time, the HTTP OPTIONS returns an status 200 (OK), informing to your browser that the "DELETE" request is indeed allowed:
Now is up to the browser to send the HTTP DELETE request, and this time, the response get status 200 (OK) :
We hope that this post has helped you ..
Happy programming.....
by Carmel Schvartzman
כתב: כרמל שוורצמן