Access-Control-Request-Method Header
Table of Content
The Access-Control-Request-Method is an important HTTP header used in conjunction with the CORS (Cross-Origin Resource Sharing) mechanism. Essentially, it notifies the server about which method will be used in the actual request as part of the preflight process. This ensures that the server is capable and ready to handle the request, as well as prevent possible security issues or server faults due to unexpected methods.
Syntax
Access-Control-Request-Method: <method>Where <method> refers to an HTTP Method such as GET, POST, DELETE, etc.
Directives
The Access-Control-Request-Method header uses one directive:
<method>: This refers to the HTTP method that will be used in the actual CORS request.
Examples
In a preflight request, the Access-Control-Request-Method can be used as follows:
OPTIONS /resource.jpg HTTP/1.1
Host: example.org
Access-Control-Request-Method: DELETEThis indicates that the actual request will be a DELETE request.
Browser Compatibility
| Browser | Compatibility |
|---|---|
| Chrome | Supported |
| Firefox | Supported |
| Safari | Supported |
| Opera | Supported |
| Edge | Supported |
How to modify Access-Control-Request-Method header
To modify the Access-Control-Request-Method header using the ModHeader Chrome extension, follow these steps:
- Install and open ModHeader extension.
- Select 'Request Headers' tab.
- Click on the 'Add' button to create a new header.
- In the 'Name' field, type 'Access-Control-Request-Method'.
- In the 'Value' field, input the method you intend to use in your actual request (like GET, POST, DELETE, etc.).
- Save your changes.
This way, you can modify the value of your Access-Control-Request-Method header anytime and test different scenarios during your local development or debugging stages. It's very useful to simulate CORS requests and see server responses.