Access-Control-Allow-Methods

In This Article

Syntax
Directives
Examples
Specifications
Browser compatibility
Compatibility notes
See also

The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

Header type	Response header
Forbidden header name	no

Syntax

Access-Control-Allow-Methods: <method>, <method>, ...

Directives

<method>: Comma-delimited list of the allowed HTTP request methods.

Examples

Access-Control-Allow-Methods: POST, GET, OPTIONS

Specifications

Specification	Status	Comment
Fetch The definition of 'Access-Control-Allow-Methods' in that specification.	Living Standard	Initial definition

Feature	Chrome	Firefox	Edge	Internet Explorer	Opera	Safari
Basic Support	4	3.5	12	10	12	4

Feature	Android	Chrome for Android	Edge mobile	Firefox for Android	IE mobile	Opera Android	iOS Safari
Basic Support	2.1	(Yes)	(Yes)	1.0	(Yes)	12	3.2

Compatibility notes

The wildcard value (*) that is mentioned in the latest specification, is not yet implemented in browsers:
- Chromium: Issue 615313
- Firefox: bug 1309358
- Servo: Issue 13283

Document Tags and Contributors

Tags:

Contributors to this page: fscholz, teoli

Last updated by: fscholz, Jun 7, 2017, 10:18:58 AM