current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
stack overflow careers
Sign up ×
Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them, it only takes a minute:
up vote 0 down vote favorite

I'm struggling with this issue since many hours... :-(

My grunt-served angular app issues an $http GET request to a simple PHP service on the same host (apache), to get a list of persons. The result I get is an OPTIONS request (???), which gets a 405 response... But why an OPTIONS pre-flight request before a GET???

These are the details of my setup:

Grunt config Gruntfile.js:

grunt.initConfig({
  ...
  connect: {
    options: {
      port: 9000,
      hostname: '0.0.0.0',
      livereload: 35729
    },
  },
  ...

Angular service persons.js:

app.service('Persons', function($http) {
  ...
  return({
    getPersons: function () {
      return $http({
        method: 'get',
        url: http://192.168.1.1/myapp/api/persons/get',
      }).then(handleSuccess, handleError);
    },
    ...
  });
  ...

File /api/persons/get/index.php:

...
header("Access-Control-Allow-Origin", "http://192.168.1.1:9000");
header("Access-Control-Allow-Methods", "Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
header("Access-Control-Allow-Headers", "GET, PUT, POST, OPTIONS, DELETE, X-XSRF-TOKEN");
echo json_encode($persons);

(In fact, server-side I use Slim framework, so this is "index.php" file, which server "/api/persons/..." requests via .htaccess: "... RewriteRule ^(.)$ index.php [QSA,L]"...*)

And this is the (sad :-() result I get:

Remote Address:192.168.1.1:80
Request URL:http://192.168.1.1/myapp/api/persons/get
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Request Headersview source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,it-IT;q=0.6,it;q=0.4,tr;q=0.2,de;q=0.2
Access-Control-Request-Headers:accept, authorization
Access-Control-Request-Method:GET
Cache-Control:no-cache
Connection:keep-alive
Host:192.168.1.1
Origin:http://192.168.1.1:9000
Pragma:no-cache
Referer:http://192.168.1.1:9000/
User-Agent:Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36
Response Headersview source
Allow:GET HEAD
Connection:close
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Fri, 30 Jan 2015 11:36:43 GMT
Server:Apache/2.2.15 (CentOS)
Set-Cookie:PHPSESSID=a5dbcfa18fcb64a29dbad999c6811d69; path=/
Set-Cookie:a5dbcfa18fcb64a29dbad999c6811d69=DEFAULT%7C0%7C2M3TMlgUx3gTlaarYzHIdD28l8q9FTcNubt55%2BUGpAo%3D%7C7456bf61db3500c8bb7b3bc38082a470ce4a2ad3; path=/
X-Powered-By:PHP/5.6.4

I did also try using grunt-connect-proxy, with no better results...

If I forgot any detail, please just ask...
And please, please, help... :-)

share|improve this question

1 Answer 1

up vote 1 down vote accepted

It's a CORS preflight is mandatory for cross domain request.

The OPTIONS call actually return the list of available method (GET, POST, etc..).

You should allow the OPTIONS call on your php backend : 

header('Access-Control-Allow-Methods: POST, GET, OPTIONS');

See there CORS not working php

share|improve this answer
    
GREAT! THANKS!!! I love you, man :-) The link you gave saved my day... But, CORS preflight is mandatory even for GET requests? I have to read CORS specifications again ... :-( – MarcoS Jan 30 at 13:38
    
:) I'm not sure it is mandatory either, but maybe it depends of the client sending the request. – Boris Charpentier Jan 30 at 13:44

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.