Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Make Access-Control-Allow-Methods matching in CORS preflight spec conformant
Supported versions
- On Windows and macOS since 123 or later
Description
This policy controls whether request methods are uppercased when matching with Access-Control-Allow-Methods response headers in CORS preflight.
If you disable this policy, request methods are uppercased. This is the behavior on or before Microsoft Edge 108.
If you enable or don't configure this policy, request methods are not uppercased, unless matching case-insensitively with DELETE, GET, HEAD, OPTIONS, POST, or PUT.
This would reject fetch(url, {method: 'Foo'}) + "Access-Control-Allow-Methods: FOO" response header, and would accept fetch(url, {method: 'Foo'}) + "Access-Control-Allow-Methods: Foo" response header.
Note: request methods "post" and "put" are not affected, while "patch" is affected.
This policy is intended to be temporary and will be removed in the future.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
- Per Profile: Yes
- Applies to a profile that is signed in with a Microsoft account: No
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: AccessControlAllowMethodsInCORSPreflightSpecConformant
- GP name: Make Access-Control-Allow-Methods matching in CORS preflight spec conformant
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Network settings
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Enabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: AccessControlAllowMethodsInCORSPreflightSpecConformant
- Value type: REG_DWORD
Example registry value
0x00000001
Mac information and settings
- Preference Key name: AccessControlAllowMethodsInCORSPreflightSpecConformant
- Example value:
<true/>