JAX-RX - Blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight...











up vote
0
down vote

favorite












I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question




















  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41















up vote
0
down vote

favorite












I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question




















  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch







share|improve this question















I am using Spring boot with Jersey 2.1



and Ionic to develop an App, I've tried every single post I've found but none solved this problem for me the error I am getting, including those which say about creating the @PATCH interface annotation yourself.



So, the thing is I am getting this error on the client side when testing on the browser when doing a PATCH request:




Access to XMLHttpRequest at '' from origin 'http://localhost:8100' has
been blocked by CORS policy: Method PATCH is not allowed by
Access-Control-Allow-Methods in preflight response.




The filters I have for the response is the following, I don't understand why I'm getting this if I have PATCH as an allowed method and it works perfectly on Postman:



Filter:



@Provider

public final class ResponseFilter implements ContainerResponseFilter {



    @Override

    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {

        MultivaluedMap<String, Object> headers = responseContext.getHeaders();



        headers.putSingle("Accept-Patch", "*");

        headers.putSingle("Access-Control-Allow-Origin", "*");

        headers.putSingle("Access-Control-Allow-Methods", "POST, PUT, GET, OPTIONS, DELETE, PATCH");

        headers.putSingle("Access-Control-Allow-Credentials", "true");

        headers.putSingle("Access-Control-Max-Age", "3600");

        headers.putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, Authorization");

    }

}


Method which uses PATCH:



import javax.ws.rs.PATCH;





@PATCH

    @Path("/{username}")

@Produces(MediaType.APPLICATION_JSON)

    public Response actualizarPassword(@Valid @NotNull(message = "user must not be null") final UserDTO userDTO,

                                      @PathParam("username") final String username,

                                      @QueryParam("codigo") @NotNull(message = "codigo musnt be null") final String codigo) {

        userDTO.setUsername(username);

        this.usersService.actualizarPassword(this.userDTOMapper.map(userDTO), codigo);



        return Response.noContent().build();

    }


As I said, I also tried to create an annotation with PATCH as I read in some answers but this http method is supposed to be included on Jersey 2.1 and it indeed is as it can be see in the previous piece of code, the interface I created was:



@Target({ElementType.METHOD})

@Retention(RetentionPolicy.RUNTIME)

@HttpMethod("PATCH")

public @interface PATCH {

}


And if I do a POSTMAN request, these are the headers I get:



Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

X-Content-Type-Options →nosniff

X-XSS-Protection →1; mode=block

Cache-Control →no-cache, no-store, max-age=0, must-revalidate

Pragma →no-cache

Expires →0

X-Frame-Options →DENY

Content-Type →application/json

Content-Length →54

Date →Wed, 07 Nov 2018 07:46:45 GMT


And incase it's somehow related, this is my SpringSecurity config:



@Configuration

@EnableWebSecurity

public class SecurityConfiguration extends WebSecurityConfigurerAdapter {



    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests().anyRequest().permitAll()

                .and()

                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()

                .csrf().disable();

    }



    @Override

    public void configure(WebSecurity web ) throws Exception

    {

        web.ignoring().antMatchers( HttpMethod.OPTIONS, "/**" );

    }

}


UPDATE 1



I've printed the code that the response has and I get a 200. However, I keep getting this error.



UPDATE 2



As requested by sideshowbarker, I made an OPTIONS request with POSTMAN and this is the headers:



Allow →HEAD,GET,OPTIONS,PUT,PATCH

Last-modified →Wed, 07 Nov 2018 10:07:57 GMT+01:00

Accept-Patch →*

Access-Control-Allow-Origin →*

Access-Control-Allow-Methods →POST, PUT, GET, OPTIONS, DELETE, PATCH

Access-Control-Allow-Credentials →true

Access-Control-Max-Age →3600

Access-Control-Allow-Headers →Content-Type, Accept, Authorization

Content-Type →application/vnd.sun.wadl+xml

Content-Length →1165

Date →Wed, 07 Nov 2018 09:07:57 GMT


UPDATE 3



I checked the headers in dev tools as suggested by and the PATCH method isn't there. Why is this? Why is it there if I use POSTMAN but not with my Ionic App?



enter image description here



Please help, I've been struggling with this for days...



Thanks






java spring-boot cors jax-rs patch




java spring-boot cors jax-rs patch






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 7 at 13:40

























asked Nov 7 at 7:49









Wrong

12210




12210








  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41














  • 1




    Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
    – sideshowbarker
    Nov 7 at 8:49












  • done, I put the response in the 2nd update @sideshowbarker
    – Wrong
    Nov 7 at 9:11






  • 1




    The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
    – sideshowbarker
    Nov 7 at 9:31










  • I've updated the 'update 2' @sideshowbarker
    – Wrong
    Nov 7 at 9:33






  • 1




    You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
    – sideshowbarker
    Nov 7 at 10:41








1




1




Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
– sideshowbarker
Nov 7 at 8:49






Try testing Postman with an OPTIONS request. Because your browser isn’t actually ever getting around to trying the PATCH request from your frontend code. The browser first does a CORS preflight OPTIONS request, and that fails. So you need to figure out how to configure your Spring backend to respond to the CORS preflight OPTIONS request in the way that the browser needs in order to consider it a success. So you may want to spend some time looking through stackoverflow.com/search?q=%5Bcors%5D+%5Bspring%5D+options or stackoverflow.com/search?q=%5Bcors%5D+%5Bspring-boot%5D+options
– sideshowbarker
Nov 7 at 8:49














done, I put the response in the 2nd update @sideshowbarker
– Wrong
Nov 7 at 9:11




done, I put the response in the 2nd update @sideshowbarker
– Wrong
Nov 7 at 9:11




1




1




The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
– sideshowbarker
Nov 7 at 9:31




The response body for the OPTIONS response isn’t relevant to the question. In fact that OPTIONS response shouldn’t have a response body. You need to examine the HTTP response headers for the OPTIONS response. And you should actually do that in browser devtools, not with Postman. But I guess you could start by checking the headers with Postman.
– sideshowbarker
Nov 7 at 9:31












I've updated the 'update 2' @sideshowbarker
– Wrong
Nov 7 at 9:33




I've updated the 'update 2' @sideshowbarker
– Wrong
Nov 7 at 9:33




1




1




You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
– sideshowbarker
Nov 7 at 10:41




You really want to use the Network pane in browser devtools to check the response — both the response headers and the HTTP status code of the response. If the browser were getting the same response as what you show you’re getting from Postman, then the browser wouldn’t be reporting that “Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response” message.
– sideshowbarker
Nov 7 at 10:41












1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



Thanks alot @sideshowbarker.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53185346%2fjax-rx-blocked-by-cors-policy-method-patch-is-not-allowed-by-access-control-a%23new-answer', 'question_page');
    }
    );

    Post as a guest


















    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote



    accepted










    Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



    which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



    Thanks alot @sideshowbarker.






    share|improve this answer



























      up vote
      0
      down vote



      accepted










      Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



      which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



      Thanks alot @sideshowbarker.






      share|improve this answer

























        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted






        Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



        which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



        Thanks alot @sideshowbarker.






        share|improve this answer














        Okay I am so idiot that I can't even believe it myself. I was using this plugin for Chrome



        which was modifying the headers from the response. Noticed it thanks to @sideshowbarker . It's such an idiot thing but that I bet it might happen to other people too.



        Thanks alot @sideshowbarker.







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Nov 7 at 14:05

























        answered Nov 7 at 13:59









        Wrong

        12210




        12210






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53185346%2fjax-rx-blocked-by-cors-policy-method-patch-is-not-allowed-by-access-control-a%23new-answer', 'question_page');
            }
            );

            Post as a guest






































































            -

            這個網誌中的熱門文章

            Post-Redirect-Get with Spring WebFlux and Thymeleaf

            圖片
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 2 Can someone explain to me how to implement the post-redirect-get pattern in Spring WebFlux and Thymeleaf? What subscribes on the database save method? @GetMapping("/register") public String showRegisterForm(Model model) { model.addAttribute("user", new User()); return "register"; } @PostMapping public String processRegisterForm(@Valid User user, BindingResult bindingResult) { if (bindingResult.hasErrors()) { return "register"; } else { userRepository.save(user); //what subscribes on this? //how to redirect on e.g. "/login"?
            閱讀完整內容

            Xamarin.form Move up view when keyboard appear

            圖片
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I'm trying to build a Chat app UI, the idea of the Layout was pretty simple: When the input bar is focused, keyboard show up and "push" up the chat bar, as it's a grid, the ListView will resize to fit the screen: I update the input bar's margin to "push" it up: NSValue result = (NSValue)args.Notification.UserInfo.ObjectForKey(new NSString(UIKeyboard.FrameEndUserInfoKey)); CGSize keyboardSize = result.RectangleFValue.Size; if (Element != null){ Element.Margin = new Thickness(0, 0, 0,keyboardSize.Height); //push the entry up to keyboard height when keyboard is activated } And this is
            閱讀完整內容

            JBPM : POST request for execute process go wrong

            圖片
            0 I am new to jBPM. I reference jbpm.org for tutorial. And I tried " My First Business Application " example. It is OK. And then I tried the next tutorial " Business Application with Business Asset ". The first steps are going well. I successfully done installation of jBPM Console, drawing business process asset in KIE process and starting the application are going well. And I tested according to reference. I got a problem for sending POST request to my application. I use Chrome Postman client for sending POST request. In tutorial, they give the following link to make POST request. http://localhost:8090/rest/server/containers/business-application-kjar/processes/business-application-kjar.process/instances I do but I always get " 415 Unsupported Media Type " in every time. I
            閱讀完整內容