Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
mohamedkhallouq
GitHub Repository: mohamedkhallouq/content
 Path: blob/main/files/en-us/web/http/headers/access-control-allow-methods/index.md
6532 views
---
title: Access-Control-Allow-Methods
slug: Web/HTTP/Headers/Access-Control-Allow-Methods
browser-compat: http.headers.Access-Control-Allow-Methods
---

{{HTTPSidebar}}

The Access-Control-Allow-Methods response header specifies one or more methods allowed when accessing a resource in response to a {{glossary("preflight request")}}.

Header type {{Glossary("Response header")}}
{{Glossary("Forbidden header name")}} no

Syntax

Access-Control-Allow-Methods: <method>, <method>, …
Access-Control-Allow-Methods: *

Directives

  • <method>

  • * (wildcard)

    • : The value "*" only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal method name "*" without special semantics.

Examples

Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Methods: *

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

  • {{HTTPHeader("Access-Control-Allow-Origin")}}

  • {{HTTPHeader("Access-Control-Expose-Headers")}}

  • {{HTTPHeader("Access-Control-Allow-Headers")}}

  • {{HTTPHeader("Access-Control-Request-Method")}}