I have a sever with Linux and Apache latest version. I noticed that if I send a POST with data to any address on the site this is accepted even if there is not a specific PHP script that can handle it. I think it's normal. But how can I prevent this? I know that some sites (Ebay) complete the post before returning an error (imagine if the post includes a large file, server bandwidth consumption is guaranteed). How can you prevent a POST from running upstream of a php script or any other script? Do you have to work on the Apache server or in the .htaccess?
I think you should set your response headers to tell your browser what your end point accepts...
header('Access-Control-Allow-Methods', 'GET, PUT, DELETE, PATCH, OPTIONS'); // just exclude the POST method
I had gotten this from the CORS specifications. If it doesn't work then it's probably because this header has to be in response to an OPTIONS request instead.