Can't call lambda function with DELETE or PUT methods

I’m trying to hit my lambda function with DELETE and PUT - they seem to be blocked. POST and GET get in properly. I added a console.log('method', event.httpMethod); to the top of my handler and I can see the GETs, but none of the DELETEs or PUTs even hit that line.

I tried adding a 'Access-Control-Allow-Methods': '*' to the headers (and even added DELETE specifically) - to no avail?

Am I doing something wrong? Have I missed a setting somewhere? Or does Netlify block DELETE and PUT on the server level?

Thanks!

I think we don’t intend to block any methods for proxied paths, which a function effectively is. That wouldn’t work on your netlify site for a non-proxy’d path, as our CDN edge server software does not serve from our own backing store to respond to anything except GET and in very few situations (you have a form handler set up at a specific URL), then also POST.

So, let’s get some more details from you:

  1. What HTTP response code do you get when you try?
  2. Is there an x-nf-request-id HTTP response header in that response (cf [Common Issue] Netlify Support asked for the 'x-nf-request-id' header? Why are they asking for it and how do I find it?)?
  3. Can you tell us a curl call to reproduce so we can take a closer look?

Thanks for responding, Chris.

  1. Whne I try from the browser (React code) - I get nothing. The Response tab in Network view shows “Failed to load response data”, and therefore I can’t see response headers as well.

  2. No there isn’t

  3. This is where it gets bizarre - I just tried to curl a DELETE request (pasting in the Authorization header required) and it worked! That means something in my client code is not ok? But the other 2 operations (POST, GET) work well, so it’s not a CORS issue.

I use fetch('url?id=' + id, {method: 'DELETE', headers: {Authorization: Bearer <jwt comes here>}} to trigger the delete op. Like I’ve mentioned, it works with netlify-lambda locally, and only fails on the prod site.

If needed, I can share my curl command, but since it works, it’s not relevant, I guess.

Is there some header that I’m missing? Where should I look next?

BTW, I just logged out the response returning to the browser - it shows an empty response with a 200 code. But I can verify that the function code was never triggered.

You mentioned you tried adding the header: Access-Control-Allow-Methods': '*'. Did you do this in your function’s response? You should add that header to your function response so that the browser knows that the request is allowed. Let me know if that helps.