Level 47
In chrome I bet if you look at the error you'll notice the post request is actually an option request.
If so look at how he handles the option request. It requires another header I believe.
1 like
Apr 8, 2017
5
Level 1
Getting 406 not acceptable status code with ajax post requests in production hosting.
Hi again! I did't know in wich channel put this (Vue, Laravel)...anyway...hope you can help me :) Well, I'm stuck on this:
I'm creating a full SPA with Vue.js using Laravel as backend service. I have two separated apps and I already dealed with CORS in Laravel.
I'm using Axios with Vue. In my local enviroment everything works fine, but in my production enviroment (a shared hosting) the only thing that is not working at the moment are POST ajax Json requests. I'm getting this Chrome message:
"POST http://cdmapi.tevilcon.com/api/units 406 (Not Acceptable)"
So, here are my test domains:
- http://cdmapi.tevilcon.com/api ---> backend API
- http://condominios.novotendencia.com ---> Front-end app.
Here is my CORS configuration in Laravel:
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
The thing that annoy me is that my test post requests in Postman work perfectly :(. I even copied the Jquery code generated by Postman:
var settings = {
"async": true,
"crossDomain": true,
"url": "http://cdmapi.tevilcon.com/api/units",
"method": "POST",
"headers": {
"content-type": "application/json",
"cache-control": "no-cache",
"postman-token": "697c597a-ed81-2d9e-914a-8f1752bb343b"
},
"processData": false,
"data": "{\n\t\"title\" : \"This post request does not works\",\n\t\"description\": \"Yeahh...does not works\",\n\t\"icon\": \"car\"\n}"
}
$.ajax(settings).done(function (response) {
console.log(response);
});
Does not work either. As soon as I build my Vue App and upload to the server I got the same 406 status code every time I do a post request (I removed the postman-token bofere that).
I was reading about that some hostings services have some rules denying some requests (using mod_security or whatever). But if Postman works with my API, so...what I'm missing? What does Postman different with the request?
Please feel free to access both of my test domains and see my issues ( don't hack my server :) )
Thanks!!
Level 1
I will test that library right away. Yes, indeed there are two requests: the OPTION and the POST request. But as I'm saying, works with Postman. That's the part that confusses me. Anyway, I going to test that Laravel Cors library and let you know. Thanks.
Level 47
Post man sends a straight up post request, axios post request sends options first, gets an okay request (cors header) then sends a post. So two requests. That's normal, but as I said an option request requires another header set. A total of three instead of two.
Keep in mind post man isn't a browser. The browser for security requires proper headers to be set, not post man. You'll notice a post or option request from postman doesn't require cors headers, same as a curl request from php.
1 like
Level 1
I had the same issue of 406 Error. The problem might because of your hosting. They can turn off Mod Security. You need to contact them.
I explained it on my blog in more detail, https://roveno.wordpress.com/2017/06/29/error-406-not-acceptable-on-shared-hosting/
2 likes
Level 1
Well, finally I managed to use the same domain building my Vue app inside the public folder in Laravel. No more CORS issues. Thanks guys.
Please or to participate in this conversation.