The Access-Control-Allow-Methods header is a Cross-Origin Resource Sharing(CORS) response-type header. It is used to indicate which HTTP methods are permitted while accessing the resources in response to the cross-origin requests.
Syntax:
Access-Control-Allow-Methods: <method>, <method>, ...
OR
Access-Control-Allow-Methods: *
Directives: This header accepts two directive as mentioned above and described below:
- <method>: This directive consists of a list of HTTP request methods separated by a comma.
- *: This directive is a wildcard value to indicate all the requests lacking credentials like HTTP cookies or HTTP authentication information.
Examples:
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Methods: *
Supported Browsers: The browsers are compatible with HTTP Access-Control-Allow-Methods header are listed below:
- Google Chrome
- Edge
- Opera
- Firefox