allow-method

Edit online

The allow-method entry specifies which methods will be presented in preflight responses to clients as acceptable to use when making cross-origin requests to resources which this policy is applicable to.

Syntax

allow-method = <method>

Description

A method which is permitted when making cross-origin requests to the resources protected by this policy. This configuration entry may be specified multiple times to indicate multiple allowable methods. A value of '*' can be specified to indicate that any method is acceptable, in this case the reverse proxy will respond with the method presented by the client in the Access-Control-Request-Method header.

When configured with a header or list of headers, this configuration entry will add the following header to pre-flight responses:

Access-Control-Allow-Method = <any values given in this policy>

When configured with '*', this configuration entry will add the following header to pre-flight responses:

Access-Control-Allow-Method = <any value presented by the client in the Acccess-Control-Request-Method>

Note:

If a pre-flight request is received containing an Access-Control-Request-Method header with a value that is not acceptable, the reverse proxy will return a CORS error response.
The following simple methods are considered always allowed and are never returned in the Access-Control-Allow-Method header:
- GET
- HEAD
- POST

This entry only affects only pre-flight requests.

Options

header: This entry should either be '*' or a header name.

Usage

You can specify multiple entries if needed.

The method matching performed is case sensitive.

If an '*' entry is specified, all other allow-header entries for this policy are ignored.

Default Value

None.

Example

allow-method = PUT