DomStorm : HTTP Methods Supported by XHR

Results

Tested on

Chrome - 81 - Windows 10

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACK	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACE	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOM	Allowed

Tested on

Chromium - 71 - Ubuntu

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACK	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACE	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOM	Allowed

Tested on

Firefox - 74 - Mac OS X

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - The operation is insecure.
TRACK	Not Allowed - The operation is insecure.
TRACE	Not Allowed - The operation is insecure.
CUSTOM	Allowed

Tested on

Unknown Browser - Unknown Version - Unknown OS

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACK	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACE	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOM	Allowed

Tested on

Googlebot - 2.1 - undefined

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACK	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACE	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOM	Allowed

Tested on

IE - 10 - Windows 8

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - SecurityError
TRACK	Not Allowed - SecurityError
TRACE	Not Allowed - SecurityError
CUSTOM	Allowed

Tested on

Maemo Browser - undefined - Linux

HTTP Method	Is allowed?

Tested on

Opera - 69 - Linux

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'CONNECT' HTTP method is unsupported.
TRACK	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACK' HTTP method is unsupported.
TRACE	Not Allowed - Failed to execute 'open' on 'XMLHttpRequest': 'TRACE' HTTP method is unsupported.
CUSTOM	Allowed

Tested on

Safari - 7 - Mac OS X

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - SecurityError: DOM Exception 18
TRACK	Not Allowed - SecurityError: DOM Exception 18
TRACE	Not Allowed - SecurityError: DOM Exception 18
CUSTOM	Allowed

Tested on

Chrome Mobile - 83 - Android

HTTP Method	Is allowed?
href	Allowed
ancestorOrigins	Allowed
origin	Allowed
protocol	Allowed
host	Allowed
hostname	Allowed
port	Allowed
pathname	Allowed
search	Allowed
hash	Allowed
assign	Allowed
reload	Allowed
toString	Allowed
valueOf	Allowed
replace	Allowed

Tested on

Edge - 17.17134 - Windows 10

HTTP Method	Is allowed?
HEAD	Allowed
GET	Allowed
POST	Allowed
OPTIONS	Allowed
PUT	Allowed
DELETE	Allowed
CONNECT	Not Allowed - SecurityError
TRACK	Not Allowed - SecurityError
TRACE	Not Allowed - SecurityError
CUSTOM	Allowed

User Script (ENUM_FUNCTION)

					
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.  Reference: http://www.w3.org/TR/XMLHttpRequest/#request-method 

// From the specs
// Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
// http://www.w3.org/TR/XMLHttpRequest/#request-method

function test(data){
	// We need to separate properties and access one by one.
try{
    var xhr = new XMLHttpRequest();
    xhr.open(data.toString(), '/test', true);
    // At this stage, if we have an Exception, the header is not allowed.
    addResult(data,  'Allowed');
}

catch(err){
	addError(data,  'Not Allowed - '+ err.message);
}

}

Enum Data (ENUM_FUNCTION)

					
// http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

var data = ['HEAD', 'GET', 'POST', 'OPTIONS', 'PUT', 'DELETE', 'CONNECT', 'TRACK', 'TRACE', 'CUSTOM'];

HTTP Methods Supported by XHR

List all the supported XHR methods.

Results

User Script (ENUM_FUNCTION)

Enum Data (ENUM_FUNCTION)