Share via

Use method OPTIONS to request a sharepoint url gets "405 Method Not Allowed"

zboris 1 Reputation point
2022-01-15T07:14:20.223+00:00

I am creating a web application to download a file from onedrive or onedrive for business.
And in the web application, I'm using XMLHttpRequest in javascript to achieve the goal.

Because I want to partially download the file, so I added "Range" to the request header,
and it causes browser to send an OPTIONS request before sending the GET request.

On the case of onedrive everything is OK. But on the case of onedrive for business,
I got a CORS failed because an error of "405 Method Not Allowed" was occurred.

The url I'm trying to request is got from @microsoft.graph.downloadUrl.

On the case of onedrive, the url is like "https://public.bn.files.1drv.com/y4m8BoWXpGUPt......"
If try with the curl command: curl "https://public.bn.files.1drv.com/y4m8BoWXpGUPt......" -X OPTIONS -v
The result is like:
< HTTP/1.1 200 OK
< Allow: OPTIONS, GET, HEAD, DELETE, PUT, POST, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK
< Accept-Ranges: none
< P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
< X-MSNSERVER: BN2BAP88927A663
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< MS-CV: xxxxxxxxxxxxxxxxxxxxxx.0
< MS-Author-Via: DAV
< DAV: 1, 2
< MS-Storage: 1
< X-MSFSSHTTP: 1.5
< Public: OPTIONS, GET, HEAD, DELETE, PUT, POST, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK
< X-AsmVersion: UNKNOWN; 19.823.1213.2020
< X-Cache: CONFIG_NOCACHE
< X-MSEdge-Ref: Ref A: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Ref B: YYYYYYYYYYYYY Ref C: 2022-01-15T02:37:10Z
< Date: Sat, 15 Jan 2022 02:37:10 GMT
< Content-Length: 0

On the case of onedrive for business the url is like "https://{xxxxx}.sharepoint.com/personal/{xxxxxx}_onmicrosoft_com/_layouts/15/download.aspx?UniqueId=......&ApiVersion=2.0"
If try with the curl command: curl "https://{xxxxx}.sharepoint.com/personal/{xxxxxx}_onmicrosoft_com/_layouts/15/download.aspx?UniqueId=......&ApiVersion=2.0" -X OPTIONS -v
The result is like:
< HTTP/1.1 405 Method Not Allowed
< Allow: GET, HEAD, OPTIONS, TRACE
< P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
< X-SharePointHealthScore: 0
< SPRequestGuid: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
< request-id: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
< MS-CV: xxxxxxxxxxxxxxxxxxxxxx.0
< Strict-Transport-Security: max-age=31536000
< X-FRAME-OPTIONS: SAMEORIGIN
< Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com;
< SPRequestDuration: 25
< SPIisLatency: 4
< X-Powered-By: ASP.NET
< MicrosoftSharePointTeamServices: 16.0.0.22008
< X-Content-Type-Options: nosniff
< X-MS-InvokeApp: 1; RequireReadOnly
< X-Cache: CONFIG_NOCACHE
< X-MSEdge-Ref: Ref A: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Ref B: YYYYYYYYYYYYY Ref C: 2022-01-15T02:20:44Z
< Date: Sat, 15 Jan 2022 02:20:44 GMT
< Content-Length: 0

We can see even on the case of onedrive for business, the response says "Allow: GET, HEAD, OPTIONS, TRACE",
so what is the actual meaning of "405 Method Not Allowed"?

SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,711 questions
OneDrive Management
OneDrive Management
OneDrive: A Microsoft file hosting and synchronization service.Management: The act or process of organizing, handling, directing or controlling something.
1,147 questions