Content-Length: 253299 | pFad | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods

Access-Control-Allow-Methods header - HTTP | MDN
  1. Web
  2. HTTP
  3. Reference
  4. Headers
  5. Access-Control-Allow-Methods

Access-Control-Allow-Methods header

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The HTTP Access-Control-Allow-Methods response header specifies one or more HTTP request methods allowed when accessing a resource in response to a preflight request.

Header type Response header

Syntax

http
Access-Control-Allow-Methods: <method>, <method>, …
Access-Control-Allow-Methods: *

Directives

<method>

A comma-separated list of the allowed request methods. GET, HEAD, and POST are always allowed, regardless of whether they are specified in this header, as they are defined as CORS-safelisted methods.

* (wildcard)

All HTTP methods. It has this meaning only for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name * without special semantics.

Examples

http
Access-Control-Allow-Methods: PUT, DELETE
Access-Control-Allow-Methods: *

Specifications

Specification
Fetch
# http-access-control-allow-methods

Browser compatibility

See also

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy