Access-Control-Allow-Methods

In This Article

Syntax
Directives
Examples
Specifications
Browser compatibility
Compatibility notes
See also

The Access-Control-Allow-Methods response header specifies the method or methods allowed when accessing the resource in response to a preflight request.

Header type	Response header
Forbidden header name	no

Syntax

Access-Control-Allow-Methods: <method>, <method>, ...

Directives

<method>: Comma-delimited list of the allowed HTTP request methods.

Examples

Access-Control-Allow-Methods: POST, GET, OPTIONS

Specifications

Specification	Status	Comment
Fetch The definition of 'Access-Control-Allow-Methods' in that specification.	Living Standard	Initial definition

Feature	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Servo
Access-Control-Allow-Methods	4	12	3.5	10	12	4	?

Feature	Android	Chrome for Android	Edge Mobile	Firefox for Android	IE Mobile	Opera Mobile	Safari Mobile
Access-Control-Allow-Methods	2.1	(Yes)	(Yes)	1.0	(Yes)	12	3.2

Compatibility notes

The wildcard value (*) that is mentioned in the latest specification, is not yet implemented in browsers:
- Chromium: Issue 615313
- Firefox: bug 1309358
- Servo: Issue 13283

Document Tags and Contributors

Tags:

Contributors to this page: fscholz, teoli

Last updated by: fscholz, Nov 15, 2016, 2:01:13 PM