I'm implementing a web service with CORS support. Everything works fine, except when I issue a DELETE request. Firefox sends the following preflight:
OPTIONS /node-configuration?sessionId=cee013ce-53e6-11e6-8929-7efd7b6db237&address=127.0.0.1&port=8043 HTTP/1.1
Host: 127.0.0.1:8032
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: DELETE
Origin: XXX
Connection: keep-alive
And the server responds with:
HTTP/1.1 200 OK
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: XXX
Access-Control-Allow-Method: POST, GET, DELETE, OPTIONS
As you can see, DELETE is in the Access-Control-Allow-Method header. But when I send the request:
DELETE /node-configuration?sessionId=cee013ce-53e6-11e6-8929-7efd7b6db237&address=127.0.0.1&port=8043
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Host: 127.0.0.1:8032
Origin: XXX
Referer: XXX
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Firefox blocks it: method not found in CORS „Access-Control-Allow-Methods”
Am I missing something?
