405 using jersey when firing off a get request

So I have a jersey powered rest service which currently looks like this.

@Path("merchandise")
public class MyResource {

@GET
@Produces(MediaType.APPLICATION_JSON)
public Response getAllMerchandise() throws JsonProcessingException {
    MerchandiseDao merchDao = new MerchandiseDao();
    List<Merchandise> AllMerchandise = merchDao.getAllMerchandise();
    ObjectMapper mapper = new ObjectMapper();
    mapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
    return Response.ok().entity(mapper.writeValueAsString(AllMerchandise)).build();
}

  @GET
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  public Response getMerchandiseById(@PathParam("id") long id) throws JsonProcessingException{
      MerchandiseDao merchDao = new MerchandiseDao();
      Merchandise merchandise = merchDao.getMerchandiseById(id);
      ObjectMapper mapper = new ObjectMapper();
        mapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
       return Response.ok().entity(mapper.writeValueAsString(merchandise)).build();
  }

@PUT
@Produces(MediaType.APPLICATION_JSON)
public Response updateMerchandise(Merchandise merchandise) {
    MerchandiseDao merchandiseDao = new MerchandiseDao();
    merchandiseDao.editMerchandise(merchandise);
    return Response.ok().build();  
}
}

When I access the two get methods via the browser by navigating to the url I get back the json that I am expecting, happy days!

Now I have the following angular based client (rest calls being made by restangular), the controller (yes i know i need to split this out into a service at some point this is alpha code) looks like this:

var Merchandise = Restangular.all('merchandise');
 Merchandise.getList().then(function(result){
 $scope.merchandise = result;
 });

 $scope.update = function(merchandise){
 merchandise.put();
 }

The get all works absolutely fine, no problems there.

It should be noted that the server is running on localhost:8080 and the client on localhost:9000. I have used a filter to handle CORS like so:

@Provider
public class CORSFilter implements ContainerResponseFilter {

@Override
public void filter(ContainerRequestContext request,
        ContainerResponseContext response) throws IOException {
    response.getHeaders().add("Access-Control-Allow-Origin", "*");
    response.getHeaders().add("Access-Control-Allow-Headers",
            "origin, content-type, accept, authorization");
    response.getHeaders().add("Access-Control-Allow-Credentials", "true");
    response.getHeaders().add("Access-Control-Allow-Methods",
            "GET, POST, PUT, DELETE, OPTIONS, HEAD");
}
}

Now the problem comes when i try to use a form that tries to update a record I get: Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

the url it goes off to get the original record is correct : .../services/merchandise/2

it is however at this point that I get the 405.

I do not understand what is wrong, if I manually navigate to .../services/merchandise/2 the record appears as json, as expected.

any help on this would be awesome as by now I am sure it is something small I have missed.