Feature request from Silarn, posted on GitHub Feb 02, 2017
When trying to use JavaScript to make an API call where the methods follow JavaScript standards and make an OPTIONS request to the server to determine CORS compatibility, requests will always fail.
This is because Magento has no built-in method for handling OPTIONS requests and will return a 400 error in response.
Preconditions
Magento 2.*
An API call using Angular JS should do the trick
Steps to reproduce
Have a running Magento install with a valid API account
Obtain an authorization key to create an API request
Make any request via AJAX in a standard browser (with valid authentication headers and request data)
Expected result
The API receives an OPTIONS request for the API endpoint and provides valid CORS headers in response
The AJAX call verifies the CORS headers and proceeds to make the API call
Actual result
The API receives an OPTIONS request for the API endpoint and fails, returning a 400 response
The AJAX call fails to validate CORS headers and stops
You can work around this by modifying the HTML server to return a valid response when any OPTIONS request is made, but this is less than ideal. Ideally each individual API endpoint can return valid CORS headers, and other pages will fail or disallow such requests.
... View more