Access-Control-Allow-Methods
E856187
Access-Control-Allow-Methods is an HTTP response header used in CORS to indicate which HTTP request methods are permitted when accessing a resource from a different origin.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Access-Control-Allow-Methods canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T10328409 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Access-Control-Allow-Methods Context triple: [CORS processing model, usesHeader, Access-Control-Allow-Methods]
-
A.
CORS protocol
The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.
-
B.
CORS network
The CORS network is a nationwide system of continuously operating GPS and GNSS reference stations that provides precise positioning data to support surveying, mapping, and geospatial applications.
-
C.
CORS processing model
The CORS processing model is the set of rules and algorithms that govern how web browsers handle cross-origin HTTP requests and responses to enforce the Same-Origin Policy while allowing controlled resource sharing.
-
D.
RFC 7235
RFC 7235 is an IETF specification that defined the HTTP/1.1 authentication framework, including the use of challenge-response mechanisms like Basic and Digest authentication.
-
E.
RFC 7232
RFC 7232 is an HTTP/1.1 specification that defines conditional request mechanisms using validators like ETags and Last-Modified to support efficient caching and concurrency control on the web.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Access-Control-Allow-Methods Target entity description: Access-Control-Allow-Methods is an HTTP response header used in CORS to indicate which HTTP request methods are permitted when accessing a resource from a different origin.
-
A.
CORS protocol
The CORS protocol is a web security mechanism that controls how browsers permit cross-origin HTTP requests, enabling safe resource sharing between different domains.
-
B.
CORS network
The CORS network is a nationwide system of continuously operating GPS and GNSS reference stations that provides precise positioning data to support surveying, mapping, and geospatial applications.
-
C.
CORS processing model
The CORS processing model is the set of rules and algorithms that govern how web browsers handle cross-origin HTTP requests and responses to enforce the Same-Origin Policy while allowing controlled resource sharing.
-
D.
RFC 7235
RFC 7235 is an IETF specification that defined the HTTP/1.1 authentication framework, including the use of challenge-response mechanisms like Basic and Digest authentication.
-
E.
RFC 7232
RFC 7232 is an HTTP/1.1 specification that defines conditional request mechanisms using validators like ETags and Last-Modified to support efficient caching and concurrency control on the web.
- F. None of above. chosen
Statements (43)
| Predicate | Object |
|---|---|
| instanceOf |
CORS response header
ⓘ
HTTP response header ⓘ |
| canContain |
CONNECT
ⓘ
DELETE ⓘ GET ⓘ HEAD ⓘ OPTIONS ⓘ PATCH ⓘ POST ⓘ PUT ⓘ TRACE ⓘ |
| category | HTTP CORS response header ⓘ |
| controls | which HTTP methods are allowed in subsequent actual requests ⓘ |
| defaultBehavior | if absent, browser falls back to method used in preflight request rules ⓘ |
| definedIn |
CORS specification
NERFINISHED
ⓘ
Fetch standard ⓘ |
| effectOnClient | limits which methods the client may use for cross-origin access ⓘ |
| governs | which methods are permitted on the target resource from a given origin ⓘ |
| headerName | Access-Control-Allow-Methods ⓘ |
| interpretedBy |
CORS-enabled HTTP clients
ⓘ
web browsers ⓘ |
| introducedFor | enabling fine-grained control over cross-origin HTTP methods ⓘ |
| layer | application layer ⓘ |
| mustMatch | requested method in Access-Control-Request-Method for preflight to succeed ⓘ |
| partOf |
Cross-Origin Resource Sharing
NERFINISHED
ⓘ
HTTP CORS protocol ⓘ |
| processingContext | evaluated during CORS preflight processing ⓘ |
| protocol | HTTP ⓘ |
| relatedTo |
Access-Control-Allow-Headers
ⓘ
Access-Control-Allow-Origin ⓘ Access-Control-Max-Age ⓘ Access-Control-Request-Method ⓘ |
| scope | applies to the resource identified by the response URL ⓘ |
| securityRole | helps prevent unauthorized cross-origin HTTP methods ⓘ |
| sentInResponseTo | CORS preflight request ⓘ |
| status | standard HTTP header in modern browsers ⓘ |
| syntaxExample | Access-Control-Allow-Methods: GET, POST, OPTIONS ⓘ |
| usedFor |
controlling which HTTP methods a client may use in a CORS request
ⓘ
indicating allowed HTTP methods for cross-origin requests ⓘ |
| usedIn | HTTP response ⓘ |
| usedWith |
OPTIONS HTTP method
ⓘ
preflight CORS requests ⓘ |
| valueType | comma-separated list of HTTP methods ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Access-Control-Allow-Methods Description of subject: Access-Control-Allow-Methods is an HTTP response header used in CORS to indicate which HTTP request methods are permitted when accessing a resource from a different origin.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.