I started ajax post request to a php file like this:
$.post("URL_TO_PHP_FIlE", {parameter: 1}, function(response) { console.log(response) }
And I get a response, but this should not be possible, because my php file only allows GET instead of POST:
header('Access-Control-Allow-Methods: GET');
Where is my fault?
Advertisement
Answer
The Access-Control-Allow-Methods
header is used in the preflight response to give the client a hint at which methods are allowed. It does not automatically block any incoming requests of any other type – that’s something that you have to implement on your side, e.g. by returning a 405 Method Not Allowed
status code.
if ( $_SERVER['REQUEST_METHOD'] !== 'GET' ) { http_response_code(405); exit; }