Update: Rewrite of the question since I've got some new information. History is visible in the edits.
Issue introduction
I have a django-rest-framework
application running on a subdomain api.nrzonline.nl
. The frontend ng2 + webpack
application is running on the domain itself nrzonline.nl
. When sending a request with ng2-restangular
to the API, I receive the following errors in my console:
zone.js OPTIONS http://api.nrzonline.com/project/ net::ERR_EMPTY_RESPONSE
EXCEPTION: Response with status: 0 for URL: null
The current issue
After quite some testing with curls, I found that all the requests fail when the preflight request with OPTIONS
is send.
Request with -X GET
works properly:
curl 'api.nrzonline.nl/skill/' -X GET
[{"id":1,"category":{"id":1,"title":"skill-a",...}]
(preflight) request with -X OPTIONS
fails with no response
curl 'api.nrzonline.nl/skill/' -X OPTIONS
curl: (52) Empty reply from server
Performing this -x OPTIONS
request on the API on the Django development server locally works without any issue's.
server settings
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_METHODS
is on default, which allowsOPTIONS
CORS_ALLOW_HEADERS
is on default
Middleware:
MIDDLEWARE = [
...
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
...
]
What I have tried
- I have read that it is possible that the server requires HTTPS request, but currently there is no SSL certificate active. (source) Though, I did try to
curl
with--insecure
(source) - Sending the request as
text/plain
instead ofapplication/json
with-H "Content-Type: text/plain"
(source (comment on answer))
The question
What am I missing / doing wrong, so that the preflight with -X OPTIONS
is failing. Any tips, explanations or references to a possible solution are welcome.
Answer credits go to my brother, hoster of my website
The issue was DirectAdmin related. By default DirectAdmin only allows
GET
,POST
andHEAD
.These settings are found in
include /etc/nginx/webapps.conf;
as:Adding
OPTIONS
should fix the problem. Remove or comment out the code block to allow any request method.However, modifying
/etc/nginx/webapps.conf
might cause DirectAdmin to override this file during a new HTTPD update. The file<path_to_directadmin>/custombuild/costum/nginx/conf
is used to generate aconf
file. Making your modifications here should prevent loss of your adjustments.