Access-Control-Allow-Methods
The HTTP Access-Control-Allow-Methods response header specifies one or more HTTP request methods allowed when accessing a resource in response to a preflight request.
| Header type | Response header |
|---|---|
| Forbidden header name | No |
Syntax
http
Access-Control-Allow-Methods: <method>, <method>, …
Access-Control-Allow-Methods: *
Directives
<method>-
A comma-separated list of the allowed request methods.
*(wildcard)-
All HTTP methods. It has this meaning only for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name
*without special semantics.
Examples
http
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Methods: *
Specifications
| Specification |
|---|
| Fetch Standard # http-access-control-allow-methods |
Browser compatibility
BCD tables only load in the browser