[Azure Websites PHP] Cross Domain request results in blank response page after Preflight HTTP OPTIONS

THE PROBLEM

I've deployed a REST API application (CodeIgniter with Phil Sturgeon's Rest-Server library) on Azure Websites.

Although I've set the Access-Control-* header in my PHP application:

header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');

(If you need a working test file, here's the gist for the test file)

But Azure Websites server doesn't return the headers in response.

And thus all requests to the server failed with the error message:

Origin http://example.azurewebsites.net is not allowed by Access-Control-Allow-Origin. 

In order to make sure there's no problem with my application, I've deployed the same code to Appfog.com. And as expected, the application works just fine.

The same application deployed on Azure Websites is not working, but fine on Appfog.

THE SOLUTION

After talking to Microsoft Support, we found out that its because the default PHP-CGI handler does not handle the "OPTIONS" verb!

The solution is pretty simply, just edit your web.config file (or add it, in your root directory) to drop PHP54_via_FastCGI, and add it back with OPTIONS in the verb attribute.

<handlers>
  <remove name="OPTIONSVerbHandler" />
  <remove name="PHP54_via_FastCGI" />
  <add name="PHP54_via_FastCGI" path="*.php" verb="GET,HEAD,POST,OPTIONS" modules="FastCgiModule" scriptProcessor="D:\Program Files (x86)\PHP\v5.4\php-cgi.exe" resourceType="Either" />
</handlers>

Your web.config file should look something like this.



Hope this helps PHP developers on Azure Websites like me :)