相关文章推荐
飘逸的登山鞋  ·  405 Method Not ...·  1 月前    · 
傲视众生的电脑桌  ·  Access-Control-Allow-O ...·  1 月前    · 
豁达的小马驹  ·  OSS设置跨域资源共享CORS_对象存储(O ...·  1 月前    · 
很拉风的啄木鸟  ·  跨站资源共享(CORS)漏洞的误配置及检测方 ...·  1 月前    · 
销魂的大白菜  ·  客户端漏洞篇之跨域资源共享(CORS)专题 ...·  1 月前    · 
近视的熊猫  ·  训练好的深度学习模型原来这样部署的!(干货满 ...·  1 年前    · 
玩足球的酱牛肉  ·  Mac下终端升级flutter版本报错 - 掘金·  2 年前    · 
腹黑的鸵鸟  ·  gitlab代码合并(merge ...·  2 年前    · 
Code  ›  405 Method Not Allowed - HTTP | MDN
access origin header cors
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/405
飘逸的登山鞋
1 月前

The HTTP 405 Method Not Allowed client error response status code indicates that the server knows the request method, but the target resource doesn't support this method. The server must generate an Allow header in a 405 response with a list of methods that the target resource currently supports.

Improper server-side permissions set on files or directories may cause a 405 response when the request would otherwise be expected to succeed.

TRACE method not allowed

Server owners often disallow the use of the TRACE method due to security concerns. The following example shows a typical response where a server doesn't allow the use of TRACE :

http 
TRACE / HTTP/1.1
Host: example.com

http
HTTP/1.1 405 Method Not Allowed
Content-Length: 0
Date: Fri, 28 Jun 2024 14:30:31 GMT
Server: ECLF (nyd/D179)
Allow: GET, POST, HEAD
    
Specifications

        Specification

  • 501 Not Implemented, 510 Not Extended
    • 

  • HTTP Status Code Definitions
    • 

  • How to Fix 405 Method Not Allowed
    • 

  • Troubleshooting HTTP 405
    • 
          Learn how to contribute 
    
    This page was last modified on  by MDN contributors.
    View this page on GitHubReport a problem with this content
      
    1. HTTP
    2. Guides
    3. Overview of HTTP
    4. Evolution of HTTP
    5. A typical HTTP session
    6. HTTP messages
    7. Media types
      1. Common types
    8. Compression in HTTP
    9. HTTP caching
    10. HTTP authentication
    11. Using HTTP cookies
    12. Redirections in HTTP
    13. Conditional requests
    14. Range requests
    15. Client hints
    16. Compression Dictionary Transport


    17. Network Error Logging


    18. Content negotiation
      1. Default Accept values
    19. Browser detection using the UA string
    20. Connection management in HTTP/1.x
    21. Protocol upgrade mechanism
    22. Proxy servers and tunneling
      1. Proxy Auto-Configuration (PAC) file
    23. Security and privacy
      1. HTTP Observatory
      2. Practical implementation guides
      3. Permissions Policy


      4. Cross-Origin Resource Policy (CORP)
      5. Cross-Origin Resource Sharing (CORS)
      6. CORS errors
        1. Reason: CORS disabled
        2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
        3. Reason: CORS header 'Access-Control-Allow-Origin' missing
        4. Reason: CORS header 'Origin' cannot be added
        5. Reason: CORS preflight channel did not succeed
        6. Reason: CORS request did not succeed
        7. Reason: CORS request external redirect not allowed
        8. Reason: CORS request not HTTP
        9. Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'
        10. Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'
        11. Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
        12. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'
        13. Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Methods'
        14. Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
        15. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
      7. Content Security Policy (CSP)
        1. Errors and warnings
    24. Reference
    25. HTTP headers
      1. Accept
      2. Accept-CH
      3. Accept-Encoding
      4. Accept-Language
      5. Accept-Patch
      6. Accept-Post
      7. Accept-Ranges
      8. Access-Control-Allow-Credentials
      9. Access-Control-Allow-Headers
      10. Access-Control-Allow-Methods
      11. Access-Control-Allow-Origin
      12. Access-Control-Expose-Headers
      13. Access-Control-Max-Age
      14. Access-Control-Request-Headers
      15. Access-Control-Request-Method
      16. Age
      17. Allow
      18. Alt-Svc
      19. Alt-Used
      20. Attribution-Reporting-Eligible


      21. Attribution-Reporting-Register-Source


      22. Attribution-Reporting-Register-Trigger


      23. Authorization
      24. Available-Dictionary


      25. Cache-Control
      26. Clear-Site-Data
      27. Connection
      28. Content-Digest
      29. Content-Disposition
      30. Content-DPR



      31. Content-Encoding
      32. Content-Language
      33. Content-Length
      34. Content-Location
      35. Content-Range
      36. Content-Security-Policy
      37. Content-Security-Policy-Report-Only
      38. Content-Type
      39. Cookie
      40. Critical-CH


      41. Cross-Origin-Embedder-Policy
      42. Cross-Origin-Opener-Policy
      43. Cross-Origin-Resource-Policy
      44. Date
      45. Device-Memory
      46. Dictionary-ID




      47. Downlink




      48. Early-Data



      49. ETag
      50. Expect
      51. Expect-CT


      52. Expires
      53. Forwarded
      54. From
      55. Host
      56. If-Match
      57. If-Modified-Since
      58. If-None-Match
      59. If-Range
      60. If-Unmodified-Since
      61. Integrity-Policy


      62. Integrity-Policy-Report-Only


      63. Keep-Alive
      64. Last-Modified
      65. Link
      66. Location
      67. Max-Forwards
      68. NEL


      69. No-Vary-Search


      70. Observe-Browsing-Topics



      71. Origin
      72. Origin-Agent-Cluster
      73. Permissions-Policy


      74. Pragma


      75. Prefer
      76. Preference-Applied
      77. Priority
      78. Proxy-Authenticate
      79. Proxy-Authorization
      80. Range
      81. Referer
      82. Referrer-Policy
      83. Refresh
      84. Report-To



      85. Reporting-Endpoints
      86. Repr-Digest
      87. Retry-After
      88. RTT


      89. Save-Data


      90. Sec-Browsing-Topics



      91. Sec-CH-Prefers-Color-Scheme


      92. Sec-CH-Prefers-Reduced-Motion


      93. Sec-CH-Prefers-Reduced-Transparency


      94. Sec-CH-UA


      95. Sec-CH-UA-Arch


      96. Sec-CH-UA-Bitness


      97. Sec-CH-UA-Form-Factors


      98. Sec-CH-UA-Full-Version


      99. Sec-CH-UA-Full-Version-List


      100. Sec-CH-UA-Mobile


      101. Sec-CH-UA-Model


      102. Sec-CH-UA-Platform


      103. Sec-CH-UA-Platform-Version


      104. Sec-CH-UA-WoW64


      105. Sec-Fetch-Dest
      106. Sec-Fetch-Mode
      107. Sec-Fetch-Site
      108. Sec-Fetch-User
      109. Sec-GPC


      110. Sec-Purpose
      111. Sec-Speculation-Tags


      112. Sec-WebSocket-Accept
      113. Sec-WebSocket-Extensions
      114. Sec-WebSocket-Key
      115. Sec-WebSocket-Protocol
      116. Sec-WebSocket-Version
      117. Server
      118. Server-Timing
      119. Service-Worker
      120. Service-Worker-Allowed
      121. Service-Worker-Navigation-Preload
      122. Set-Cookie
      123. Set-Login
      124. SourceMap
      125. Speculation-Rules


      126. Strict-Transport-Security
      127. Supports-Loading-Mode


      128. TE
      129. Timing-Allow-Origin
      130. Tk



      131. Trailer
      132. Transfer-Encoding
      133. Upgrade
      134. Upgrade-Insecure-Requests
      135. Use-As-Dictionary


      136. User-Agent
      137. Vary
      138. Via
      139. Viewport-Width



      140. Want-Content-Digest
      141. Want-Repr-Digest
      142. Warning


      143. Width



      144. WWW-Authenticate
      145. X-Content-Type-Options
      146. X-DNS-Prefetch-Control


      147. X-Forwarded-For


      148. X-Forwarded-Host


      149. X-Forwarded-Proto


      150. X-Frame-Options
      151. X-Permitted-Cross-Domain-Policies


      152. X-Powered-By


      153. X-Robots-Tag


      154. X-XSS-Protection



    26. HTTP request methods
      1. CONNECT
      2. DELETE
      3. GET
      4. HEAD
      5. OPTIONS
      6. PATCH
      7. POST
      8. PUT
      9. TRACE
    27. HTTP response status codes
      1. 100 Continue
      2. 101 Switching Protocols
      3. 102 Processing
      4. 103 Early Hints
      5. 200 OK
      6. 201 Created
      7. 202 Accepted
      8. 203 Non-Authoritative Information
      9. 204 No Content
      10. 205 Reset Content
      11. 206 Partial Content
      12. 207 Multi-Status
      13. 208 Already Reported
      14. 226 IM Used
      15. 300 Multiple Choices
      16. 301 Moved Permanently
      17. 302 Found
      18. 303 See Other
      19. 304 Not Modified
      20. 307 Temporary Redirect
      21. 308 Permanent Redirect
      22. 400 Bad Request
      23. 401 Unauthorized
      24. 402 Payment Required
      25. 403 Forbidden
      26. 404 Not Found
      27. 405 Method Not Allowed
      28. 406 Not Acceptable
      29. 407 Proxy Authentication Required
      30. 408 Request Timeout
      31. 409 Conflict
      32. 410 Gone
      33. 411 Length Required
      34. 412 Precondition Failed
      35. 413 Content Too Large
      36. 414 URI Too Long
      37. 415 Unsupported Media Type
      38. 416 Range Not Satisfiable
      39. 417 Expectation Failed
      40. 418 I'm a teapot
      41. 421 Misdirected Request
      42. 422 Unprocessable Content
      43. 423 Locked
      44. 424 Failed Dependency
      45. 425 Too Early
      46. 426 Upgrade Required
      47. 428 Precondition Required
      48. 429 Too Many Requests
      49. 431 Request Header Fields Too Large
      50. 451 Unavailable For Legal Reasons
      51. 500 Internal Server Error
      52. 501 Not Implemented
      53. 502 Bad Gateway
      54. 503 Service Unavailable
      55. 504 Gateway Timeout
      56. 505 HTTP Version Not Supported
      57. 506 Variant Also Negotiates
      58. 507 Insufficient Storage
      59. 508 Loop Detected
      60. 510 Not Extended
      61. 511 Network Authentication Required
    28. CSP directives
      1. base-uri
      2. block-all-mixed-content


      3. child-src
      4. connect-src
      5. default-src
      6. fenced-frame-src


      7. font-src
      8. form-action
      9. frame-ancestors
      10. frame-src
      11. img-src
      12. manifest-src
      13. media-src
      14. object-src
      15. prefetch-src



      16. report-to
      17. report-uri


      18. require-trusted-types-for
      19. sandbox
      20. script-src
      21. script-src-attr
      22. script-src-elem
      23. style-src
      24. style-src-attr
      25. style-src-elem
      26. trusted-types
      27. upgrade-insecure-requests
      28. worker-src
    29. Permissions-Policy directives


      1. accelerometer


      2. ambient-light-sensor


      3. aria-notify



      4. attribution-reporting


      5. autoplay


      6. bluetooth


      7. browsing-topics



      8. camera


      9. captured-surface-control


      10. compute-pressure


      11. cross-origin-isolated


      12. deferred-fetch


      13. deferred-fetch-minimal


      14. display-capture


      15. encrypted-media


      16. fullscreen


      17. gamepad


      18. geolocation


      19. gyroscope



      20. identity-credentials-get


      21. idle-detection


      22. language-detector


      23. local-fonts


      24. magnetometer


      25. microphone



      26. on-device-speech-recognition


      27. otp-credentials


      28. payment


      29. picture-in-picture


      30. publickey-credentials-create


      31. publickey-credentials-get


      32. screen-wake-lock


      33. serial


      34. speaker-selection


      35. storage-access


      36. summarizer


      37. translator



      38. web-share


      39. window-management


      40. xr-spatial-tracking


    30. HTTP resources and specifications
     
    推荐文章
    飘逸的登山鞋  ·  405 Method Not Allowed - HTTP | MDN
    1 月前
    傲视众生的电脑桌  ·  Access-Control-Allow-Origin - HTTP | MDN
    1 月前
    豁达的小马驹  ·  OSS设置跨域资源共享CORS_对象存储(OSS)-阿里云帮助中心
    1 月前
    很拉风的啄木鸟  ·  跨站资源共享(CORS)漏洞的误配置及检测方法 - 时光不改
    1 月前
    销魂的大白菜  ·  客户端漏洞篇之跨域资源共享(CORS)专题 - FreeBuf网络安全行业门户
    1 月前
    近视的熊猫  ·  训练好的深度学习模型原来这样部署的!(干货满满,收藏慢慢看)-腾讯云开发者社区-腾讯云
    1 年前
    玩足球的酱牛肉  ·  Mac下终端升级flutter版本报错 - 掘金
    2 年前
    腹黑的鸵鸟  ·  gitlab代码合并(merge request )取消 [默认删除分支(Delete source branch)] 选项_gitlab取消合并-CSDN博客
    2 年前
    今天看啥   ·   Py中国   ·   codingpro   ·   小百科   ·   link之家   ·   卧龙AI搜索
    删除内容请联系邮箱 2879853325@qq.com
    Code - 代码工具平台
    © 2024 ~ 沪ICP备11025650号