HTTP 405 Method Not Allowed — Allow Header & Fix Guide
The HTTP method used in the request is not supported for the target resource. The response must include an Allow header listing the supported methods.
When to Return 405
Return 405 when a client uses an unsupported method on a valid resource (e.g., DELETE on a read-only resource, POST on a resource that only supports GET). Always include the Allow header.
Common Causes
- Calling DELETE on a read-only API endpoint
- Using POST when only GET is allowed
- PUT to an endpoint that only accepts PATCH
- Submitting a form to an endpoint that only accepts GET
HTTP Response Example
HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
Content-Type: application/json
{"error": "Method Not Allowed"}Code Examples
Express.js
app.route('/users')
.get(listUsers)
.post(createUser)
// Express auto-sends 405 for unsupported methods on defined routes.
// To add Allow header manually:
app.delete('/users', (req, res) => {
res
.set('Allow', 'GET, POST')
.status(405)
.json({ error: 'Method Not Allowed' })
})Next.js App Router
// app/api/users/route.ts — only export the methods you support
// Next.js automatically returns 405 with Allow header for other methods
export async function GET() { /* ... */ }
export async function POST() { /* ... */ }
// DELETE, PUT, PATCH → 405 Method Not Allowed (automatic)Related Status Codes
Frequently Asked Questions
What does HTTP 405 Method Not Allowed mean?
The HTTP method used in the request is not supported for the target resource. The response must include an Allow header listing the supported methods.
When should an API return 405?
Return 405 when a client uses an unsupported method on a valid resource (e.g., DELETE on a read-only resource, POST on a resource that only supports GET). Always include the Allow header.
What causes an HTTP 405 error?
Common causes: Calling DELETE on a read-only API endpoint; Using POST when only GET is allowed; PUT to an endpoint that only accepts PATCH; Submitting a form to an endpoint that only accepts GET.
