JAX-RX - Blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight...











up vote
0
down vote

favorite












I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question




















  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41















up vote
0
down vote

favorite












I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question




















  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question















I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch




java spring-boot cors jax-rs patch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 7 at 13:40

























asked Nov 7 at 7:49









Wrong

12210




12210








  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41














  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41








1




1




Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
– sideshowbarker
Nov 7 at 8:49






Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
– sideshowbarker
Nov 7 at 8:49














done, I put the response in the 2nd update @sideshowbarker
– Wrong
Nov 7 at 9:11




done, I put the response in the 2nd update @sideshowbarker
– Wrong
Nov 7 at 9:11




1




1




The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
– sideshowbarker
Nov 7 at 9:31




The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
– sideshowbarker
Nov 7 at 9:31












I've updated the 'update 2' @sideshowbarker
– Wrong
Nov 7 at 9:33




I've updated the 'update 2' @sideshowbarker
– Wrong
Nov 7 at 9:33




1




1




You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
– sideshowbarker
Nov 7 at 10:41




You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
– sideshowbarker
Nov 7 at 10:41












1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



Thanks alot @sideshowbarker.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53185346%2fjax-rx-blocked-by-cors-policy-method-patch-is-not-allowed-by-access-control-a%23new-answer', 'question_page');
    }
    );

    Post as a guest


















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote



    accepted










    Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



    which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



    Thanks alot @sideshowbarker.






    share|improve this answer



























      up vote
      0
      down vote



      accepted










      Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



      which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



      Thanks alot @sideshowbarker.






      share|improve this answer

























        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted






        Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



        which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



        Thanks alot @sideshowbarker.






        share|improve this answer














        Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



        which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



        Thanks alot @sideshowbarker.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 7 at 14:05

























        answered Nov 7 at 13:59









        Wrong

        12210




        12210






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53185346%2fjax-rx-blocked-by-cors-policy-method-patch-is-not-allowed-by-access-control-a%23new-answer', 'question_page');
            }
            );

            Post as a guest






































































            -

            這個網誌中的熱門文章

            Tangent Lines Diagram Along Smooth Curve

            圖片
            7 1 I am trying to replicate a diagram and have a minimal example. I don't know how to add additional tangents between the specified points and preserve smoothness. documentclass{article} usepackage{tikz} usetikzlibrary{calc,intersections} begin{document} begin{tikzpicture} % Axes draw [->, name path=x] (-1,0) -- (11,0) node [right] {$x$}; draw [->] (0,-1) -- (0,6) node [above] {$y$}; % Origin node at (0,0) [below left] {$0$}; % Points coordinate (start) at (1,-0.8); coordinate (c1) at (3,3); coordinate (c2) at (5.5,1.5); coordinate (c3) at (8,4); coordinate (end) at (10.5,-0.8); % show the points foreach n in {start,c1,c2,c3,end} fill [black] (n) circle (2pt) node [below] {}; % join the coordinates draw [thick,name path=curve] (start) to[out=70,in=180] (c1) to[out=0,in=180]
            閱讀完整內容

            Yusuf al-Mu'taman ibn Hud

            圖片
            Main article: Taifa of Zaragoza Al-Mu'taman Ruler of Zaragoza Reign 1081–1085 Predecessor Ahmad al-Muqtadir Successor Al-Mustain II Born Zaragoza Died 1085 Full name Yusuf ibn Ahmad al-Mu'taman ibn Hūd House Banu Hud Yusuf ibn Ahmad al-Mu'taman ibn Hūd (Arabic: المؤتمن بالله يوسف إبن أحمد إبن هود ‎, al-Mutaman bi l-Lah , died c. 1085) was the third king of the Banu Hud dynasty who ruled over the Taifa of Zaragoza from 1081 to 1085. Yusuf al-Mutaman reigned during the height of power of Muslim Zaragoza , following the thriving period of his father Ahmad al-Muqtadir. He continued his father's efforts and created around him a court of intellectuals, living in the beautiful palace of Aljafería, nicknamed as "the palace of joy". Al-Mu'taman was also a scholarly king and a patron of science, philosophy and arts. As an example of a wise king, he knew astrology, philosophy, and especially mathematics, a discipline in which
            閱讀完整內容

            Zucchini

            圖片
            This article is about the vegetable. For other uses, see Zucchini (disambiguation). Zucchini (courgette) A striped and a uniform color zucchini Genus Cucurbita Species Cucurbita pepo Origin 19th century northern Italy The zucchini ( / z uː ˈ k iː n i / , American English) or courgette ( / k ʊər ˈ ʒ ɛ t / , British English) is a summer squash which can reach nearly 1 metre (100 cm; 39 in) in length, but is usually harvested when still immature at about 15 to 25 cm (6 to 10 in). [1] A zucchini is a thin-skinned cultivar of what in Britain and Ireland is referred to as a marrow. [2] [3] In South Africa, a zucchini is known as a baby marrow. Along with certain other squashes and pumpkins, the zucchini belongs to the species Cucurbita pepo . It can be dark or light green. A related hybrid, the golden zucchini, is a deep yellow or orange color. [4] In a culinary context, the zucchini is treated as a vegetable; it is usually cooked and presented as a savory dish o
            閱讀完整內容