I'm sending a POST to the Request URL and getting this in the Headers.
Request URL: Request URL: https://www.host.com/path/file.php/api
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: AA.BB.CC.DD:443
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 3
Content-Type: text/html; charset=UTF-8
Date: Fri, 29 Nov 2019 09:54:10 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=eik5ssn2jc0514i2mu1943quk1; path=/
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: keep-alive
Host: www.host.com
Origin: https://origin.com
Pragma: no-cache
Referer: https://origin.com/form
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
This is the CORS error I'm facing:
Access to XMLHttpRequest at 'https://www.host.com/path/api' from origin 'https://origin.com' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
core.js:6014 ERROR HttpErrorResponse {headers: HttpHeaders, status: 0, statusText: "Unknown Error", url: "https://www.host.com/path/api", ok: false, …}
We are using Angular and they are using PHP in the backend. Now, the backend team (another city, another developer team) is saying that we shouldn't send request method as OPTIONS
but directly as POST
.
What could be the possible scenario here? I'm trying to figure out how to bypass OPTIONS
. Isn't this a backend issue that needs to be fixed from their end?
PS: We are successful in sending a GET Request.