PUT and DELETE requests unsuccessful on PHP REST API, but POST and GET are fine

Question

I've got a slimPHP REST API built. Here's what I have for headers:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true"); 
header('Access-Control-Allow-Headers: origin, content-type, accept');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');
header('Access-Control-Max-Age: 86400');

Yet when I try a cross-domain PUT or DELETE request, all I get is (sample domains):

XMLHttpRequest cannot load http://www.example.com/api/x.
Origin http://www.example.com is not allowed by Access-Control-Allow-Origin.

Any idea why this is happening if Access-Control-Allow-Origin is set to * ?

What kind of server are you running it on? – MysteriousWhisper Jul 24 '13 at 18:26 — MysteriousWhisper, Jul 24 '13 at 18:26

score 1 · Answer 1 · edited Jun 20 '20 at 09:12

From the Slim Framework Documentation:

Unfortunately, modern browsers do not provide native support for HTTP PUT requests. To work around this limitation, ensure your HTML form’s method attribute is “post”, then add a method override parameter to your HTML form like this:
    <form action="/books/1" method="post">
        ... other form fields here...
        <input type="hidden" name="_METHOD" value="PUT"/>
        <input type="submit" value="Update Book"/>
    </form>
If you are using Backbone.js or a command-line HTTP client, you may also override the HTTP method by using the X-HTTP-Method-Override header.

You can use any request type you would like (including custom ones like foo), but GET and POST are the only ones natively supported by modern browsers.

PUT and DELETE requests unsuccessful on PHP REST API, but POST and GET are fine

1 Answers1