I started ajax post request to a php file like this:
$.post("URL_TO_PHP_FIlE", {parameter: 1}, function(response) {
console.log(response)
}
And I get a response, but this should not be possible, because my php file only allows GET instead of POST:
header('Access-Control-Allow-Methods: GET');
Where is my fault?
Advertisement
Answer
The Access-Control-Allow-Methods header is used in the preflight response to give the client a hint at which methods are allowed. It does not automatically block any incoming requests of any other type – that’s something that you have to implement on your side, e.g. by returning a 405 Method Not Allowed status code.
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) {
http_response_code(405); exit;
}