Access-Control-Allow-Methods

Jump to:

Syntax
Directives
Examples
Specifications
Browser compatibility
Compatibility notes
See also

The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

Header type	Response header
Forbidden header name	no

Syntax

Access-Control-Allow-Methods: <method>, <method>, ...

Directives

<method>: Comma-delimited list of the allowed HTTP request methods.

Examples

Access-Control-Allow-Methods: POST, GET, OPTIONS

Specifications

Specification	Status	Comment
Fetch The definition of 'Access-Control-Allow-Methods' in that specification.	Living Standard	Initial definition

Feature	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	4	12	3.5	10	12	4

Feature	Android webview	Chrome for Android	Edge mobile	Firefox for Android	Opera Android	iOS Safari	Samsung Internet
Basic support	2.1	Yes	Yes	4	12	3.2	Yes

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Edge Mobile	Firefox for Android	Opera for Android	iOS Safari	Samsung Internet
Basic support	Full support 4	Full support 12	Full support 3.5	Full support 10	Full support 12	Full support 4	Full support 2.1	Full support Yes	Full support Yes	Full support 4	Full support 12	Full support 3.2	Full support Yes

Legend

Full support: Full support

Compatibility notes

The wildcard value (*) that is mentioned in the latest specification, is not yet implemented in browsers:
- Chromium: Issue 615313
- Firefox: bug 1309358
- Servo: Issue 13283

Document Tags and Contributors

Tags:

Contributors to this page: fscholz, teoli

Last updated by: fscholz, Jun 7, 2017, 10:18:58 AM