I’ve been happily working with the Angular SPA template and building my application. I’ve started using AutoQuery CRUD for my objects and it’s been working fine.
I attempted to use a batched request as per the documentation, however I’m receiving a 405 error. On further investigation, I don’t think the request is even making it to my ServiceStack app, I think the SpaProxy component is outputting the error.
Have you seen this behaviour at all?
That’s not enough information to begin to identify the issue, what’s the full HTTP Error Response?
Ok, I’ve taken the Spa Proxy out of the equation and made the JsonServiceClient in my Angular project directly hit the ServiceStack on port 5001.
I’m seeing a CORS error for fetch and 405 for the preflight:
allow: GET, HEAD
content-length: 0
date: Tue, 06 May 2025 12:39:23 GMT
server: Kestrel
I think it’s being blocked due to only allowing GET and HEAD and the request being a POST…
Is there anything else you need to troubleshoot?
I thought you worked it out, it’s a CORS issue no?
Sounds like you haven’t allowed “POST” methods in your CORS configuration? (e.g. AddCors().WithMethods(...).
No, still getting the 405 error.
I added the ‘cors’ mixin and have added all methods .WithMethods("GET", "POST", "PUT", "DELETE", "OPTIONS") however I’m still getting the error.
It’s strange that it’s only the batched request that fails, all other requests work fine.
Can you post the Request + Response headers of a successful POST request vs a failed POST batched request. That should hopefully highlight the differences between the 2 requests.
Ok, here’s the single (setting) POST request headers:
POST /api/CreateSetting HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 102
Cookie: ss-opt=temp; Webstorm-b73c6f4d=5fa02c09-8681-43ee-838d-f104c2136fd7; .AspNetCore.Identity.Application=CfDJ8JzIosJSzb5HoDrOV6hB_ViMmX9KbVYq5K31aBuLm9lMl30mIs8Hi3fCM4xI62_exJiM_vVp5s4WGNV4JuXWy6JM6fd8rc3rVVm_IBLErZLL1SAP4_THoZ2dURuia82LgDl0YwxAdhEcYdDn8Ep6t54skvjfqryMFYOb7eID9xxzf8v9rcFKeoBZs0Kmbxl_lHa8vV6HJF2rydUrwsu-j20p94-FkiarDDRx9izBAd3vg--GBeV1OJcb_CsFGv9qm8AM6b9O-OS5g5k8HIlsNleKMM3Ly4pl0nrcVEk5D0olUzwsIDuTlAoVo4D_AIehk7oJnFMnbswfrduZIlmIVlvwTw3pynQmayhIMK62Vb8qeGkbyzT0WoY2l5pkpN6VxB3FEXCuxkb3lQk8T9kSyL7RH22SAsL_KdY-ROrlH5G7EJL-e7XuqdKw6ga59O7IgKUWq4AQd5S7NE78rOpYglzbEuyW05y3rgXFb1oXmHiJTmZfhe0M6N8QfUM2CyxRlKJ0x2J6tXik9E5VHw9KTSPVdlm9JyFLQmwc2EaBzRGpRknh2qtBp8Wi01cCJA9ClOLYfrVuW1VI1SZlikxv7BRbZHMPG9Uujo9rpxw38gCfQEF9JOD9x7-8omBdcmAfMukL2a7A9wZbN1gyGqgfsdY0qZXUsEjXTu3Ofo3p0Mjqhb6lwNTinQJEw6aIYMkm747AJ3rWmkv_5g-MYxcaaLSjCkdNYytlJERJJt-8TrCSslweQDiyP5Goo7BAlrel4phethz9NO0aFDuLEeOvK0PXXPN4bI71Aif0OQXYFz6hwRYx2BnZNN7IRg6wlBKlSSKug_AXsy0br2f2d9wO4s696Aj04mOuwY7XCMPfI2Ok3_9rV-y4mhtyQhimFn3-VDhk1xyR-RXTt_2pNX3_RUF_tJpeEdxrYlXCwhjZBfT9A2ndhxbEo_DSQsjjbsrFpwg3v8m1Ym9z7jW-s2PpMAlhoF8KVejrEK9D6AJqOVoJ68v6Bki04MfSUSnFVrA_t_CH1jfXJi25Q6OMsCex6V3OolNdt4T72xgSVRq7tPce6rx01_GHyGQIy6y1I5sNALwAUB2EuUucmJqCjy4HsoH3VsxbX7DtarcoBa2--CKFtLRpXMYBEeNghud7Dd8biA
Host: localhost:4200
Origin: https://localhost:4200
Referer: https://localhost:4200/settings/network
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
content-type: application/json
sec-ch-ua: "Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
And the response headers:
HTTP/1.1 200 OK
access-control-allow-origin: https://localhost:4200
vary: Accept, Origin
connection: close
content-type: application/json; charset=utf-8
date: Wed, 07 May 2025 11:10:43 GMT
server: Kestrel
access-control-allow-credentials: true
transfer-encoding: chunked
x-powered-by: ServiceStack/8.72 NET6/macOS/net8/IN
Here’s the failed request headers:
POST /api/UpdateSetting[] HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Content-Length: 8030
Cookie: ss-opt=temp; Webstorm-b73c6f4d=5fa02c09-8681-43ee-838d-f104c2136fd7; .AspNetCore.Identity.Application=CfDJ8JzIosJSzb5HoDrOV6hB_ViMmX9KbVYq5K31aBuLm9lMl30mIs8Hi3fCM4xI62_exJiM_vVp5s4WGNV4JuXWy6JM6fd8rc3rVVm_IBLErZLL1SAP4_THoZ2dURuia82LgDl0YwxAdhEcYdDn8Ep6t54skvjfqryMFYOb7eID9xxzf8v9rcFKeoBZs0Kmbxl_lHa8vV6HJF2rydUrwsu-j20p94-FkiarDDRx9izBAd3vg--GBeV1OJcb_CsFGv9qm8AM6b9O-OS5g5k8HIlsNleKMM3Ly4pl0nrcVEk5D0olUzwsIDuTlAoVo4D_AIehk7oJnFMnbswfrduZIlmIVlvwTw3pynQmayhIMK62Vb8qeGkbyzT0WoY2l5pkpN6VxB3FEXCuxkb3lQk8T9kSyL7RH22SAsL_KdY-ROrlH5G7EJL-e7XuqdKw6ga59O7IgKUWq4AQd5S7NE78rOpYglzbEuyW05y3rgXFb1oXmHiJTmZfhe0M6N8QfUM2CyxRlKJ0x2J6tXik9E5VHw9KTSPVdlm9JyFLQmwc2EaBzRGpRknh2qtBp8Wi01cCJA9ClOLYfrVuW1VI1SZlikxv7BRbZHMPG9Uujo9rpxw38gCfQEF9JOD9x7-8omBdcmAfMukL2a7A9wZbN1gyGqgfsdY0qZXUsEjXTu3Ofo3p0Mjqhb6lwNTinQJEw6aIYMkm747AJ3rWmkv_5g-MYxcaaLSjCkdNYytlJERJJt-8TrCSslweQDiyP5Goo7BAlrel4phethz9NO0aFDuLEeOvK0PXXPN4bI71Aif0OQXYFz6hwRYx2BnZNN7IRg6wlBKlSSKug_AXsy0br2f2d9wO4s696Aj04mOuwY7XCMPfI2Ok3_9rV-y4mhtyQhimFn3-VDhk1xyR-RXTt_2pNX3_RUF_tJpeEdxrYlXCwhjZBfT9A2ndhxbEo_DSQsjjbsrFpwg3v8m1Ym9z7jW-s2PpMAlhoF8KVejrEK9D6AJqOVoJ68v6Bki04MfSUSnFVrA_t_CH1jfXJi25Q6OMsCex6V3OolNdt4T72xgSVRq7tPce6rx01_GHyGQIy6y1I5sNALwAUB2EuUucmJqCjy4HsoH3VsxbX7DtarcoBa2--CKFtLRpXMYBEeNghud7Dd8biA
Host: localhost:4200
Origin: https://localhost:4200
Referer: https://localhost:4200/settings/network
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36
content-type: application/json
sec-ch-ua: "Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
And the response headers:
HTTP/1.1 405 Method Not Allowed
access-control-allow-origin: https://localhost:4200
vary: Origin
content-length: 0
connection: close
date: Wed, 07 May 2025 11:08:32 GMT
server: Kestrel
access-control-allow-credentials: true
allow: GET, HEAD
Hope that helps!
Ok both requests look the same so can’t tell from here, going to see if I can create a repro.
It looks like the issue was due to no endpoint routes being registered for each implicit AutoBatch route.
I’ve just added support for registering hidden AutoBatch Routes which is available from v8.7.3+ which is now available in the pre-release packages.