Method Not Allowed

ⓘ Quick Definition

The HTTP method used in the request is not supported for the target resource. The server knows the method (GET, POST, PUT, DELETE, etc.) but the resource doesn't accept it. For example, trying to POST data to a resource that only supports GET. The server must include an Allow header in the response listing the methods that are supported.

⏰ When It Occurs

A 405 error occurs when you send a request using an HTTP method that the server's routing configuration doesn't allow for that specific endpoint. This is most common in REST API development where each endpoint explicitly defines which methods it supports.

For example, a /users endpoint might support GET (list users) and POST (create user), but return 405 if you try PUT or DELETE on it. The 405 is different from 404 because the resource exists - it just doesn't support the method you used.

⚠ Common Causes

• Using POST on a GET-only endpoint - Trying to submit data to a resource that only serves content
• PUT/DELETE not configured on the server - Many servers disable PUT and DELETE by default for security
• CORS preflight OPTIONS rejected - Server doesn't handle OPTIONS requests, causing CORS preflight failures
• API versioning changed allowed methods - A newer API version may have different method support than expected
• Web server configuration restricting methods - Server config explicitly limits allowed methods per location block
• Framework routing mismatch - The route is defined for a different method than what's being sent
• REST API method mapping error - Sending PATCH when the API only supports PUT for updates, or vice versa

Platform-Specific Notes:

Nginx Returns 405 with the limit_except directive. By default, static files only allow GET and HEAD. Use error_page 405 =200 $uri; as a workaround.

Apache Uses <Limit> and <LimitExcept> directives to control allowed methods per directory or location.

Cloudflare Passes through the origin's 405 response. Cloudflare Workers can intercept and handle specific methods.

Node.js Express returns 405 implicitly when no route handler matches the method. Use app.all() to catch all methods on a route.

🛠 How to Fix

1. Check API documentation for allowed methods - Review the docs to confirm which methods each endpoint supports
2. Verify the request method is correct - Ensure you're using the right method (GET, POST, PUT, PATCH, DELETE)
3. Check the Allow response header - The 405 response must include an Allow header listing supported methods
4. Review server/framework routing configuration - Verify routes are defined for the correct methods
5. Ensure CORS allows the method - Add the method to Access-Control-Allow-Methods and handle OPTIONS preflight
6. Update API client code - Modify your client to use the correct HTTP method as specified in the API docs

💻 HTTP Example

# Trying to POST to a GET-only endpoint
POST /api/users/123 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{"name": "Updated Name"}

# Server Response (only GET and PUT are allowed)
HTTP/1.1 405 Method Not Allowed
Allow: GET, PUT, HEAD, OPTIONS
Content-Type: application/json

{
  "error": "Method Not Allowed",
  "message": "POST is not supported for /api/users/123. Use PUT to update.",
  "allowed_methods": ["GET", "PUT", "HEAD", "OPTIONS"],
  "statusCode": 405
}

🔗 Related Status Codes