Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

nutmix's avatar

ajax calls always give "method not allowed", but only when we deploy to forge (nginx). The same code works perfectly on Apache.

We have a number of ajax calls which work perfectly on all environtments except forge servers (nginx/ubunut16).

We are at a complete loss to find what the problem is, and we can't go live. Any help or ideas appreciated.

This is one of the problem routes:

Route::post('/posts/reskin/{idpost}/{tabnr}/savetext','reskinController@savetexts')

It works in apache, but on forge servers Laravel is returning "something went wrong" and

Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException

This is the request taken from the debugger on a working system which uses apache:

Request URL:http://poop.test.com:8080/public2/posts/reskin/1000/1/savetext
Request Method:POST
Status Code:200 OK
Remote Address:127.0.0.1:8080
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache, private
Connection:Keep-Alive
Content-Length:4
Content-Type:application/json
Date:Tue, 24 Oct 2017 11:16:18 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.27 (Win64) PHP/7.1.10
Set-Cookie:XSRF-TOKEN=eyJpdiI6InQ4MnZ1T2ptTTRzUTA4UzlVSGRWZ0E9PSIsInZhbHVlIjoiUDZoOWo1WU1lWkhEcWRBMmlVOUQ0eUlHVWlqQkdQOHBwZUc0c09mZXlVVFlnVW13c3Z2QVNmVW16ZVJ6SHBLSjhSUENtM1E0bDlHVjRodzJJeGFyR3c9PSIsIm1hYyI6IjUwNzQyYjM2OTMwODlhOWQ4ZTZmZGYyYzhjYWY1YTM5MzdmODM0MDZiOWVlNGUyOTBiNjFhYTU3YmFkOWY0ODMifQ%3D%3D; expires=Tue, 24-Oct-2017 13:16:18 GMT; Max-Age=7200; path=/
Set-Cookie:laravel_session=eyJpdiI6IkR1blRTcU5zNDFGRG04cXpKYzByZkE9PSIsInZhbHVlIjoiVjdIQk8rcUVQZU1kTGE4VUxcL3IwUTNoR1wvbGx1Q25XSFFpOVwveXpyVGdYTWhtRlRSekkrYXUwYktPUW14UG1pSG4zcEdqeXZmK2xVVDRJZ1wveE1PazN3PT0iLCJtYWMiOiI3OWYwMzk4NWMwMTk5NDgzZGZkNjY5ZDUyZWE2ZDBlZDZjNzAxZGYyYmUwYTNhMmUyNTRhMmFmZTNjMGIyYjYwIn0%3D; expires=Tue, 24-Oct-2017 13:16:18 GMT; Max-Age=7200; path=/; HttpOnly
X-Powered-By:PHP/7.1.10
Request Headers
view source
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Content-Length:744
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie:XSRF-TOKEN=eyJpdiI6IlpwMTNtWVdabGZrMDJ3RkZwaU96WUE9PSIsInZhbHVlIjoiaFAyOEV6MnBLc0ZVbFVTSnlFYWZJUjNzdVdwXC9vRXVvZWk3STE1dFdrNEc4UkhlSFZSMUI3Z2NZVVZhbHd4eEVpXC9scW1mTDNqZzNhcUlRUkJcL1NoeVE9PSIsIm1hYyI6IjAxOWExODhhNTBhYmU4N2JlZjJmMjE3ZTk0ZWU4NDUyN2E0ODljNDc3NjY3ZjBkMmQwM2M5OTQ0NDc0ZTA4NTgifQ%3D%3D; laravel_session=eyJpdiI6Ink0VnJ5d1diYytBNXdKUk9sRWErOUE9PSIsInZhbHVlIjoiK0tcL3VJU1BZM1QwVU1nbzN0V2ZpUmJoN3V3MmUxTUROMGVoZk16d1VQQnFaNFZcL2E5b2x1RkpaY3h5bWUxXC9BMmpTdGhENDlmRXQzY0REMGNTUDUrSEE9PSIsIm1hYyI6ImQyZDcyYmRlNzQ0MmFmODAxY2QzZjU1NmM5M2E1ZGVkZDcxNmUwNTI0NmNiMmM2N2RmMTIyZDQxZmQ0ZjJiZDIifQ%3D%3D
Host:poop.test.com:8080
Origin:http://poop.test.com:8080
Pragma:no-cache
Referer:http://poop.test.com:8080/public2/posts/reskin/1000/1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
X-CSRF-TOKEN:XEvPMGZc93ynUCB0J1mvH6Xn3fJTbhlURtGG2HQQ
X-Requested-With:XMLHttpRequest

This is the same post but to a forge server with identical software which fails:

Request URL:https://my.xxx.com/posts/reskin/1000/1/savetext
Request Method:POST
Status Code:404 
Remote Address:111.162.156.61:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
allow:POST
cache-control:no-cache, private
content-encoding:gzip
content-type:text/html; charset=UTF-8
date:Tue, 24 Oct 2017 11:12:30 GMT
server:nginx/1.13.3
status:404
vary:Accept-Encoding
Request Headers
:authority:my.xxxx.com
:method:POST
:path:/posts/reskin/1000/1/savetext
:scheme:https
accept:application/json, text/javascript, */*; q=0.01
accept-encoding:gzip, deflate, br
accept-language:en-GB,en-US;q=0.8,en;q=0.6
cache-control:no-cache
content-length:738
content-type:application/x-www-form-urlencoded; charset=UTF-8
cookie:XSRF-TOKEN=eyJpdiI6IndRXC94bnFOZGdlamFkVTAwYXhHa053PT0iLCJ2YWx1ZSI6Ik5YTzhHN2pzbEJxSWlhWkkxYjdjR0NZeEZYTkZYNUpEcnJPMWFjaEN3N0lDK2g4V3ZmQ1FLN2hBeUprQnFIVFZcL2gwcm1ibnZSOGYwMGFrejRMOFNBdz09IiwibWFjIjoiZmQ3OTUwOWE0MGVjMWZmMTY0MTBhMTM1YzcxNTc4MjM2MjhlNjk5MTE0ZWU2NDA5MzgzYWE4OTU4Y2ZlYWFhOSJ9; laravel_session=eyJpdiI6InVHS3FSUm55bnBORThyemFlZ2N6dkE9PSIsInZhbHVlIjoiaVpJb3NLMkVWQ1JNWTgwa2s2U0FwMEdFek1QYnVtREFYWHpGeDhza1VXXC81XC9YTTF2TEdiaUtcL2U5ZGRCXC80aXB2VWx5UklBSWg5Qmx5NzlYYkM2ZytRPT0iLCJtYWMiOiJhOTIyMjEzZmRjOGNmZTY4MzU5Yzc5OTFhMTgyNTIzNjk0MzAwNDE5OGFkM2NiN2RiNjZiOGRkYzUzNWU0YTk1In0%3D
origin:https://my.xxxx.com
pragma:no-cache
referer:https://my.xxxx.com/posts/reskin/1000/1
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
x-csrf-token:eoe71Ki3gRSaB4VYN4Cm0Yfc3IjokoXfqYDShu2f
x-requested-with:XMLHttpRequest

We tried changing the POST method to PUT, but nginx always rejects before it hits laravel with a 405 method not allowed. apparently, you cant use PUT with nginx.

the nginx config was created by forge, and looks like this:

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/my.xxxxx.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/my.xxxx.com-error.log error;

    error_page 404 /index.php;
    :

The ajax code looks like this:

function SaveTexts () {
    $.ajaxSetup({
        headers: {
            'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
        }
    });
    
    var formData = {
        _token:$('meta[name="csrf-token"]').attr('content')
    };
    
    var max=0;
    
    $("#textsmine input").each(function( index ) {
        console.log(index+ " -> " + $(this).attr("name") + ": " + $(this).val() );
        formData["name"+index]=encodeURI($(this).attr("name"));
        formData["value"+index]=encodeURI($(this).val());
        max+=1;
    });
    
    formData["nrslots"]=max;
    
    var my_url = window.location.href+"/savetext"; 
    var type = "POST";
    
    $.ajax({
        method: type,
        url: my_url,
        data: formData,
        dataType: 'json',
        success: function (data) {
            if (data=="JA") {
                console.log(data);
            }
            else {
                console.log('Error1:', data);
            }
        },
        error: function (data) {
            console.log('Error:', data.responseText);
        }
    });
}
0 likes
1 reply
ejdelmonico's avatar

Is this a forge created server or just managed by forge? nginx should return an ALLOW headers field but you have source. If the values do not include PUT, then a 405 is returned. You can try and alter those methods with add_header Allow "GET, POST, HEAD, PUT" always; You can try that. You can use it on a particular location or globally if necessary.

Please or to participate in this conversation.