
post request allowed although denied

I started an AJAX POST request to a PHP file like this:

JavaScript

And I get a response, but this should not be possible, because my PHP file only allows GET instead of POST:

JavaScript

Where is my fault?


Answer

The Access-Control-Allow-Methods header is used in the preflight response to give the client a hint at which methods are allowed. It does not automatically block any incoming requests of any other type – that’s something that you have to implement on your side, e.g. by returning a 405 Method Not Allowed status code.

JavaScript
User contributions licensed under: CC BY-SA
6 People found this is helpful
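
One way to enforce the method on the server as the answer describes, shown as an added example that is not part of the original question or answer: the endpoint advertises its methods on the preflight and rejects every other method with 405 before doing any work. The origin `https://app.example.test` and the helper name `decide` are assumptions made for illustration.

```php
<?php
// Added example: enforce the method allow-list on the server instead of
// relying on Access-Control-Allow-Methods, which only informs the browser.

const ALLOWED_METHODS = ['GET'];                     // methods this endpoint really serves
const ALLOWED_ORIGIN  = 'https://app.example.test';  // assumption: the one trusted front-end origin

/**
 * Decide the response for a request (hypothetical helper).
 * Returns [status code, headers] so the decision is separate from output.
 */
function decide(string $method, ?string $origin): array
{
    $headers = ['Vary' => 'Origin'];
    if ($origin === ALLOWED_ORIGIN) {
        $headers['Access-Control-Allow-Origin'] = ALLOWED_ORIGIN;
    }

    // Preflight: only advertises what is allowed; it protects nothing by itself.
    if ($method === 'OPTIONS') {
        $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
        return [204, $headers];
    }

    // Enforcement: anything outside the allow-list is rejected before any work is done.
    if (!in_array($method, ALLOWED_METHODS, true)) {
        $headers['Allow'] = implode(', ', array_merge(ALLOWED_METHODS, ['OPTIONS']));
        return [405, $headers];
    }

    return [200, $headers];
}

[$status, $headers] = decide($_SERVER['REQUEST_METHOD'] ?? 'GET', $_SERVER['HTTP_ORIGIN'] ?? null);

http_response_code($status);
foreach ($headers as $name => $value) {
    header("$name: $value");
}
if ($status !== 200) {
    exit;   // 204 preflight or 405 rejection: no body, no side effects
}

echo json_encode(['ok' => true]);   // the real GET handler goes here
```

A form-encoded POST is a "simple" request that the browser sends without any preflight, so the 405 branch is the only thing that stops it from being processed.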