Access-Control-Allow-Methods
The Access-Control-Allow-Methods response header
specifies one or more methods allowed when accessing a resource in response to a
preflight request.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
Access-Control-Allow-Methods: <method>, <method>, …
Access-Control-Allow-Methods: *
Directives
- <method>
-
A comma-delimited list of the allowed HTTP request methods.
*(wildcard)-
The value "
*" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name "*" without special semantics.
Examples
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Methods: *
Specifications
| Specification |
|---|
| Fetch Standard # http-access-control-allow-methods |
Browser compatibility
BCD tables only load in the browser