In the .htaccess I set the Access-Control-Allow-Methods to GET, POST,OPTIONS,DELETE,PUT, but in the response header I can see the Allow header with only POST, DELETE, GET (see screenshot).
Remote Address:xx.xx.xx.xx:80
Request URL:http://example.com/api/v1/session
Request Method:OPTIONS
Status Code:405 Method Not Allowed
Response Headers
Access-Control-Allow-Headers:Content-Type
Access-Control-Allow-Methods:GET,POST,OPTIONS,DELETE,PUT
Access-Control-Allow-Origin:*
Allow:POST, DELETE, GET
Cache-Control:no-cache
Connection:close
Content-Encoding:gzip
Content-Type:text/html; charset=UTF-8
Frame-Options:SAMEORIGIN
Server:Apache/2.2.15 (CentOS)
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
How do I set the Allow Header to accept OPTIONS and PUT too?
Here's my .htaccess:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header add Access-Control-Allow-Headers: "Content-Type"
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Prevent directory listing
Options -Indexes -MultiViews
<FilesMatch "\.(yml|db|twig|md)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule cache/ - [F]
# Some servers require the RewriteBase to be set. If so, set to the correct folder.
# RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ ./index.php [L]
</IfModule>