Access-Control-Allow-Methods
The Access-Control-Allow-Methods
response header
specifies one or more methods allowed when accessing a resource in response to a
preflight request.
Header type | Response header |
---|---|
Forbidden header name | no |
Syntax
Access-Control-Allow-Methods: <method>, <method>, ... Access-Control-Allow-Methods: *
Directives
- <method>
-
A comma-delimited list of the allowed HTTP request methods.
*
(wildcard)-
The value "
*
" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name "*
" without special semantics.
Examples
Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Methods: *
Specifications
Specification |
---|
Fetch Standard # http-access-control-allow-methods |
Browser compatibility
BCD tables only load in the browser