Methods allowed in OPTIONS preflight request


I’m not able to send PATCH or PUT requests to my DATA API even with “Modify via API” checked in my database privacy settings.

In fact, when my front is sending a PATCH or PUT request, the allowed methods given in the OPTION preflight response from Bubble include only GET, POST and OPTIONS.

How can I had PATCH or PUT in allowed methods as “Modify via API” seems to not doing it ?

Thanks in advance.

Little up :grin:

Small up again :blush:

You also need to create some rules in data privacy to allow modify API.

Nice bumping!

I have already setup data privacy. Here is a screen

Have a more careful read of the Manual, it suggests Authentication for the Modify Data API.

Then a privacy rule can look more like:

I can add some sort of authentication later, the issue is not there.

For now, with the current privacy I should be able to Modify via the API but I can’t and this is not because of the privacy configuration, it’s because the preflight (OPTIONS) request seems to not allow PUT/PATCH/DELETE requests.

So even with some sort of authentication, It would not change the result.

A pratical example can confirm that.
Using Postman, you can send successful PUT, PATCH or DELETE requests depending on the data privacy configuration.
And with a same data privacy configuration, requests sent from an external front-end interface will fail just because of the OPTIONS request that prevent PUT, PATCH and DELETE requests.

Which API are you using to send the request? Can you set the request’s mode to ‘no-cors’?

Possibly Bubble’s CORS response isn’t correct, in terms of listing what’s allowed, but its pretty open and it still allows PATCH for example.

I’m using Axios. I don’t think that it’s an issue related to cors. I still tried to set mode on ‘no-cors’ but it doesn’t work unfortunately.

Try adding this in the request config, although it is already supposed to default to false:

"withCredentials": false

Are you sending to an app with a custom domain and SSL certificate? Do you get the same behaviour for a new vanilla app?

Edit … what else do you have in your request config?

After some mails with the support, some changes have been perform on the Bubble side to fix this.

It work perfectly now.


Hi, dominique.
I have the same problem. How can you sove this?