• Resolved digiscrap

    (@digiscrap)


    Hello,
    When I check the website @ securityheaders.com I see:
    access-control-allow-methods GET,PUT,POST,DELETE

    But when I try to save the Widgets (on every WP website I host) I get the error:
    “Updating Failed. The Response is Not a Valid JSON Response
    HTTP/2 405 Method Not Allowed”. This appears only when I save the Widgets.

    To resolve this I need to add OPTION to the “access-control-allow-methods”. As far as I can find with friend Google…

    Is this possible in your plugin? Is it save and/or is there maybe a wrong configuration on my server (VPS)?

    Thank for any advice and help!
    Vincent Volmer

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter digiscrap

    (@digiscrap)

    I see the lines below two times in the securityheaders.com output. I tried to add OPTIONS in .htaccess and it appears only in the second part. Looks like it is adding twice? When I disable your plugin all is gone. So the plugin adds it 2 times with some different values (4th / last line). Maybe it is normal behavior, I don’t know.

    access-control-allow-origin null
    access-control-allow-methods GET,PUT,POST,DELETE
    access-control-allow-headers Content-Type, Authorization
    x-content-security-policy default-src ‘self’; img-src *; media-src * data:;

    access-control-allow-origin null
    access-control-allow-methods GET,PUT,POST,DELETE
    access-control-allow-headers Content-Type, Authorization
    x-content-security-policy img-src *; media-src * data:;

    Thanks again for your help!
    Regards, Vincent

    • This reply was modified 2 years ago by digiscrap.
    Thread Starter digiscrap

    (@digiscrap)

    Issue was caused by the server settings. Fixed.

    I found the information here: https://forum.directadmin.com/threads/allowmethods-ah01623-client-method-denied-by-server-configuration-options.56310/#post-288513

    Its not an issue caused by the Headers Security Advanced & HSTS WP !

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘access-control-allow-methods OPTIONS’ is closed to new replies.