Access-Control-Allow-Methods
The Access-Control-Allow-Methods response header
specifies the method or methods allowed when accessing the resource in response to a
preflight request.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
Access-Control-Allow-Methods: <method>, <method>, ...
Access-Control-Allow-Methods: *
Directives
- <method>
- Comma-delimited list of the allowed HTTP request methods.
*(wildcard)- The value "
*" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name "*" without special semantics.
Examples
Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Methods: *
Specifications
| Specification |
|---|
| Fetch Standard (Fetch) # http-access-control-allow-methods |
Browser compatibility
BCD tables only load in the browser