HTTP 405 Method Not Allowed
HTTP 405 Method Not Allowed means the server understood the request and the resource exists, but it does not support the HTTP method used. The server must include an Allow header in the response listing the methods it does accept.
Quick reference
| Code | 405 |
|---|---|
| Name | Method Not Allowed |
| Category | 4xx Client Errors |
| Specification | RFC 9110 §15.5.6 |
| IANA status | Assigned |
| Required response header | Allow: GET, HEAD, POST — server must list accepted methods |
| Client behavior | Read the Allow header and use one of the listed methods instead. |
| In-depth guide | HTTP 405 troubleshooting guide → |
What it means
The distinction between 404 Not Found and 405 Method Not Allowed is important: 404 means the resource does not exist at this URL; 405 means the resource does exist but the method you used is not supported. A PUT to a read-only endpoint, a DELETE to a resource that cannot be deleted, or a GET to a write-only webhook receiver are all 405 scenarios.
RFC 9110 mandates that 405 responses include an Allow header. This is not optional — the Allow header is the client's only way to know what methods to use instead. A 405 without an Allow header is non-compliant and difficult to debug.
Note on OPTIONS and CORS
The OPTIONS method is used for CORS preflight requests and for querying what methods a resource supports. A server returning 405 for OPTIONS is almost certainly a misconfiguration — OPTIONS should return 200 with an Allow header, not 405. 405 on an OPTIONS request will break CORS preflight and prevent cross-origin requests from working.
Common causes
Using POST where GET is required (or vice versa)
REST APIs define which method applies to each resource. Attempting to GET a resource that only accepts POST, or POSTing to a resource that only accepts GET, returns 405. Always match the method to the endpoint's documented contract.
DELETE or PUT on a read-only resource
Some resources are read-only by design — list endpoints, reporting endpoints, or public data feeds. Attempting to modify them with PUT, PATCH, or DELETE returns 405. The Allow header will show GET and HEAD as the only supported methods.
Missing or misconfigured route in the application
Web frameworks that route requests by both path and method will return 405 when a route exists for a path but not for the requested method. Check the application routing configuration to ensure the intended method is registered.
Proxy or API gateway method filtering
API gateways and reverse proxies can restrict which HTTP methods are forwarded. A gateway configured to forward only GET and POST will return 405 for PUT, DELETE, or PATCH requests before they reach the origin.
How to fix a 405 error
- Read the Allow header. The response must include
Allow: [methods]. Use one of those methods instead. - Check the API documentation. Confirm which method is correct for the operation you are trying to perform.
- Verify your request. Confirm you are sending the request to the correct endpoint URL with the correct method. URL typos can route a request to the wrong endpoint that does not support the method.
- Check proxy and gateway configuration if requests pass through middleware that filters methods.
- If you control the server: ensure the route handler is registered for the expected method, and implement OPTIONS handling that returns the correct Allow header.
405 vs 404 vs 501
| Code | Resource exists? | Problem |
|---|---|---|
| 405 | Yes | Wrong method for this specific resource |
| 404 | No | Resource does not exist at this URL |
| 501 | Irrelevant | Server does not implement this method at all |
See also: 403 vs 405 · 405 vs 501
Related resources
On this site: HTTP 405 troubleshooting guide · HTTP 404 Not Found · HTTP 501 Not Implemented · HTTP 403 Forbidden · All 4xx client errors
Comparisons: 403 vs 405 · 405 vs 501
Standards: RFC 9110 §15.5.6 · IANA Registry · MDN Web Docs: 405