The Access-Control-Allow-Methods response header
specifies the method or methods allowed when accessing the resource in response to a
preflight request.
| Header type | Response header |
|---|---|
| Forbidden header name | no |
Syntax
Access-Control-Allow-Methods: <method>, <method>, ...
Access-Control-Allow-Methods: *
Directives
- <method>
- Comma-delimited list of the allowed HTTP request methods.
*(wildcard)- The value "
*" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name "*" without special semantics.
Examples
Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Methods: *
Specifications
| Specification | Status | Comment |
|---|---|---|
| Fetch The definition of 'Access-Control-Allow-Methods' in that specification. |
Living Standard | Initial definition |
Browser compatibility
BCD tables only load in the browser
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.