Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response
See original GitHub issueI am using nestjs with express and appli the cors library to enable CORS (without any configuration override).
Everything worked fine until today.
I started to get CORS exception when sending PATCH request:
Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response.
Surprisingly, GET and POST works fine. This is happening only on Chrome. Safari works fine.
Any idea what is missing?
Issue Analytics
- State:
- Created 2 years ago
- Reactions:3
- Comments:8 (2 by maintainers)
Top Results From Across the Web
javascript - Method PATCH is not allowed by Access-Control ...
The api you are making the call to has to allow PATCH requests. They can do this by setting the Access-Control-Allow-Methods header to...
Read more >URL has been blocked by CORS policy: Method PATCH is not ...
URL has been blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response.
Read more >Method PATCH is not allowed by Access-Control-Allow ...
Try this solution: Go to your app.js file where you've defined all the middleware. Open terminal and type command "npm install cors", and...
Read more >CORS For Patch Method - Google Groups
... origin 'https://drive.mindmup.com' has been blocked by CORS policy: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response.
Read more >Access-Control-Allow-Methods - HTTP - MDN Web Docs
The Access-Control-Allow-Methods response header specifies one or more methods allowed when accessing a resource in response to a preflight ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
My solution is not related to the OP issue I think, but maybe.
I have a Chrome plugin (
Allow CORS) which allowed me to toggle CORS on different domain. Classic webdev tool. I activated the plugin onlocalhost:9000(for a previous project I guess). So, this plugin overwrites all OPTIONS request to make everything allowed. Everything ? No… The default value isGET,HEAD,PUT,POST,DELETE…My CORS set through
corswas correct, but this plugin was breaking my preflight because it didn’t allow PATCH by default. I just disabled the plugin, and everything was working well.Sorry for the useless comments but maybe it would help someone 😃
I had this issue and for patch specifically from client side it is important to pass in ‘PATCH’ as the method and not ‘patch’. The other routes will work regardless of capitalization but patch is the oddity in that it must be all caps.