This is a response header which specifies a method or methods that are allowed while accessing the resource in response to a preflight request.This header is a comma-delimited list of all the methods supported by HTTP. It is to be noted that though a preflight request just asks for permissions only for a single HTTP method, this header can also include the whole list of all the supported methods in HTTP.
This is deemed to be helpful as the preflight response might be cached. Therefore, just a single preflight response can carry or hold the details about multiple set of request types.
The header under consideration is said to be a CORS response header, which can hold multiple values. This header signifies what all methods in HTTP can be allowed on a specific endpoint for the cross-origin requests. If we want to allow all the HTTP methods then it is fine to set value to something such as, “Access-Control-Allow-Methods: GET, PUT, POST, DELETE, HEAD”. But, let’s say we want to just limit the endpoint to just few methods then we must only incorporate those particular methods.
Enablement in Apache:
The following line given below is added in the configuration file.
Header always set Access-Control-Allow-Methods “POST, GET, OPTIONS, DELETE, PUT”
Enablement in Nginx:
The syntax given below is added in the “nginx.conf” file.
add_header ‘Access-Control-Allow-Methods’ ‘GET, POST, OPTIONS’;