Feature request from Silarn, posted on GitHub Feb 02, 2017
When trying to use JavaScript to make an API call where the methods follow JavaScript standards and make an OPTIONS request to the server to determine CORS compatibility, requests will always fail.
This is because Magento has no built-in method for handling OPTIONS requests and will return a 400 error in response.
Preconditions
- Magento 2.*
- An API call using Angular JS should do the trick
Steps to reproduce
- Have a running Magento install with a valid API account
- Obtain an authorization key to create an API request
- Make any request via AJAX in a standard browser (with valid authentication headers and request data)
Expected result
- The API receives an OPTIONS request for the API endpoint and provides valid CORS headers in response
- The AJAX call verifies the CORS headers and proceeds to make the API call
Actual result
- The API receives an OPTIONS request for the API endpoint and fails, returning a 400 response
- The AJAX call fails to validate CORS headers and stops
You can work around this by modifying the HTML server to return a valid response when any OPTIONS request is made, but this is less than ideal. Ideally each individual API endpoint can return valid CORS headers, and other pages will fail or disallow such requests.