Access-Control-Allow-Methods
E856187
Access-Control-Allow-Methods is an HTTP response header used in CORS to indicate which HTTP request methods are permitted when accessing a resource from a different origin.
Statements (43)
| Predicate | Object |
|---|---|
| instanceOf |
CORS response header
ⓘ
HTTP response header ⓘ |
| canContain |
CONNECT
ⓘ
DELETE ⓘ GET ⓘ HEAD ⓘ OPTIONS ⓘ PATCH ⓘ POST ⓘ PUT ⓘ TRACE ⓘ |
| category | HTTP CORS response header ⓘ |
| controls | which HTTP methods are allowed in subsequent actual requests ⓘ |
| defaultBehavior | if absent, browser falls back to method used in preflight request rules ⓘ |
| definedIn |
CORS specification
NERFINISHED
ⓘ
Fetch standard ⓘ |
| effectOnClient | limits which methods the client may use for cross-origin access ⓘ |
| governs | which methods are permitted on the target resource from a given origin ⓘ |
| headerName | Access-Control-Allow-Methods ⓘ |
| interpretedBy |
CORS-enabled HTTP clients
ⓘ
web browsers ⓘ |
| introducedFor | enabling fine-grained control over cross-origin HTTP methods ⓘ |
| layer | application layer ⓘ |
| mustMatch | requested method in Access-Control-Request-Method for preflight to succeed ⓘ |
| partOf |
Cross-Origin Resource Sharing
NERFINISHED
ⓘ
HTTP CORS protocol ⓘ |
| processingContext | evaluated during CORS preflight processing ⓘ |
| protocol | HTTP ⓘ |
| relatedTo |
Access-Control-Allow-Headers
ⓘ
Access-Control-Allow-Origin ⓘ Access-Control-Max-Age ⓘ Access-Control-Request-Method ⓘ |
| scope | applies to the resource identified by the response URL ⓘ |
| securityRole | helps prevent unauthorized cross-origin HTTP methods ⓘ |
| sentInResponseTo | CORS preflight request ⓘ |
| status | standard HTTP header in modern browsers ⓘ |
| syntaxExample | Access-Control-Allow-Methods: GET, POST, OPTIONS ⓘ |
| usedFor |
controlling which HTTP methods a client may use in a CORS request
ⓘ
indicating allowed HTTP methods for cross-origin requests ⓘ |
| usedIn | HTTP response ⓘ |
| usedWith |
OPTIONS HTTP method
ⓘ
preflight CORS requests ⓘ |
| valueType | comma-separated list of HTTP methods ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.