0

I have a php+laravel API application hosted in azure app service.I have the same app hosted in apache in azure as well. The rest end points works properly in apache but in IIS hosted environment all the PUT verbs are failing with 405 (Method Not Allowed) error. I did not try DELETE yet but based on what I am seeing all preflight redirect verbs should be failing.

I spend a week on this, let me first explain what I did so far; I have added following to my web.config

<httpProtocol>
 <customHeaders>
 <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>
 <add name="Access-Control-Allow-Origin" value="*" />
 <add name="Access-Control-Allow-Headers" value="X-Requested-With,Content-Type" />
 <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,DELETE,PUT,PATCH" />
 </customHeaders>
 </httpProtocol>

With the access-control-allow-methods, I could by pass OPT calls from my front end application.

I tried few of the suggestion mentioned in Laravel 5.1 API Enable Cors answers. Also followed http://codecipher.in/laravel-cors/ so that I could avoid OPT calls from my client side. These changes did allow me to skip OPT calls and able to make my PUT. Unfortunately the PUT calls though it is still failing.

I called the PUT endpoint through postman and I get "The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used." error. In the headers I can see 

access-control-allow-methods →POST,GET,OPTIONS,DELETE,PUT,PATCH

but I did see allow as

allow →GET, HEAD, OPTIONS, TRACE

Like I mentioned, the application hosted in Apache works just fine and I would like to give it a try in IIS before I give up and move completely to Apache.

What does IIS uses to prevent calls to PUT verb not to execute?

Thanks

Will B.
  • 17,883
  • 4
  • 67
  • 69
unni
  • 63
  • 8
  • This shouldn't be limited to Laravel or PHP, but with your IIS configuration, as PUT is an HTTP specification. – Will B. Nov 21 '18 at 17:32

2 Answers2

0

It depends on the server configurations. Some simply decide they do not want to enable such requests for whatever reason they will give you once you ask them. Thing is, not all servers will allow you to have those accessible. I think a previous post created can help you sort your IIS environment. If you have no control over the production server or very limited control over its configuration I would advice dropping those and keep the default Requests;

Diogo Santo
  • 769
  • 6
  • 12
0

For those facing the same problem, the answer is to add the following section in the web.config file in site/public folder. Do a cache clean and restart the server.

<system.webServer>
                            <handlers>
                                            <remove name="PHP72_via_FastCGI" />
                                            <add name="PHP72_via_FastCGI" path="*.php" verb="GET, POST, PUT, DELETE, PATCH" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v7.2\php-cgi.exe" resourceType="Either" requireAccess="Script" />
                            </handlers>
            </system.webServer>
unni
  • 63
  • 8