HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - The operation is insecure. |
TRACK | Not Allowed - The operation is insecure. |
TRACE | Not Allowed - The operation is insecure. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - SecurityError |
TRACK | Not Allowed - SecurityError |
TRACE | Not Allowed - SecurityError |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported. |
TRACK | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported. |
TRACE | Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - The operation is insecure. |
TRACK | Not Allowed - The operation is insecure. |
TRACE | Not Allowed - The operation is insecure. |
CUSTOM | Allowed |
HTTP Method | Is allowed? |
---|---|
1.12.3 | Allowed |
1.12.2 | Allowed |
1.10.2 | Allowed |
1.10.1 | Allowed |
1.10.0 | Allowed |
1.9.1 | Allowed |
1.9.0 | Allowed |
1.8.2 | Allowed |
1.8.1 | Allowed |
1.8.0 | Allowed |
1.7.2 | Allowed |
1.7.1 | Allowed |
1.7.0 | Allowed |
1.6.4 | Allowed |
1.6.3 | Allowed |
1.6.2 | Allowed |
1.6.1 | Allowed |
1.6.0 | Allowed |
1.5.2 | Allowed |
1.5.1 | Allowed |
1.5.0 | Allowed |
1.4.4 | Allowed |
1.4.3 | Allowed |
1.4.2 | Allowed |
1.4.1 | Allowed |
1.4.0 | Allowed |
1.3.2 | Allowed |
1.3.1 | Allowed |
1.3.0 | Allowed |
1.2.6 | Allowed |
1.2.3 | Allowed |
HTTP Method | Is allowed? |
---|---|
HEAD | Allowed |
GET | Allowed |
POST | Allowed |
OPTIONS | Allowed |
PUT | Allowed |
DELETE | Allowed |
CONNECT | Not Allowed - SecurityError |
TRACK | Not Allowed - SecurityError |
TRACE | Not Allowed - SecurityError |
CUSTOM | Allowed |
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK. Reference: http://www.w3.org/TR/XMLHttpRequest/#request-method
// From the specs
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
// http://www.w3.org/TR/XMLHttpRequest/#request-method
function test(data){
// We need to separate properties and access one by one.
try{
var xhr = new XMLHttpRequest();
xhr.open(data.toString(), '/test', true);
// At this stage, if we have an Exception, the header is not allowed.
addResult(data, 'Allowed');
}
catch(err){
addError(data, 'Not Allowed - '+ err.message);
}
}
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
var data = ['HEAD', 'GET', 'POST', 'OPTIONS', 'PUT', 'DELETE', 'CONNECT', 'TRACK', 'TRACE', 'CUSTOM'];