Skip to content

How to Fix HTTP 405 Method Not Allowed Error

DodaTech Updated 2026-06-24 3 min read

In this tutorial, you'll learn about How to Fix HTTP 405 Method Not Allowed Error. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

The Problem

Your API client receives:

HTTP/1.1 405 Method Not Allowed

Or:

405 Method Not Allowed: The method specified in the request is not allowed for the resource.

The URL exists but does not support the HTTP method (GET, POST, PUT, DELETE, etc.) you used.

Quick Fix

1. Check the intended HTTP method

The most common cause is using the wrong method:

// Wrong — endpoint expects GET but client sends POST
fetch('/api/users/1', { method: 'POST' })

// Right — GET to retrieve a resource
fetch('/api/users/1')

// Wrong — endpoint expects DELETE for deletion
fetch('/api/users/1', { method: 'POST' })

// Right
fetch('/api/users/1', { method: 'DELETE' })

2. Check server route definitions

The route may only be defined for certain methods:

// Express.js example
// Wrong — only GET is defined
app.get('/api/users/:id', handler)

// Right — add support for the needed methods
app.get('/api/users/:id', getHandler)
app.put('/api/users/:id', updateHandler)
app.delete('/api/users/:id', deleteHandler)

3. Check the Allow header

The server should send an Allow header listing supported methods:

# Send an OPTIONS request to see allowed methods
curl -v -X OPTIONS https://api.example.com/users/1

Expected output includes:

Allow: GET, PUT, DELETE, OPTIONS

4. Fix CORS preflight

Browsers send an OPTIONS preflight request before certain requests. If the server does not handle OPTIONS:

// Express.js — handle OPTIONS for all routes
app.options('/api/users/:id', cors())
// Or use the cors middleware globally
app.use(cors())

5. Check for URL collisions

A route defined for a different resource may match first:

// Wrong — /api/users/:id matches before /api/users/delete
app.get('/api/users/:id', handler)
app.get('/api/users/delete', handler)  // never reaches this

// Right — order specific routes first
app.get('/api/users/delete', handler)
app.get('/api/users/:id', handler)

Prevention

  • Use HTTP methods semantically: GET for read, POST for create, PUT for full update, PATCH for partial, DELETE for removal.
  • Document allowed methods for every endpoint.
  • Test all methods during development with curl.
  • Handle OPTIONS requests globally for CORS support.
  • Include the Allow header in 405 responses.

Common Mistakes with 405 method not allowed

  1. Using head and tail instead of pattern matching, causing runtime errors on empty lists
  2. Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks
  3. Using return to exit a function early instead of wrapping a pure value in the monad

These mistakes appear frequently in real-world API code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### What methods are typically allowed per resource?

GET (read), POST (create), PUT (replace), PATCH (modify), DELETE (remove), OPTIONS (metadata). Not every method needs to be supported on every resource. A read-only API may only support GET.

Why does curl work but the browser gets 405?

Browsers send an OPTIONS preflight for cross-origin requests. If the server does not handle OPTIONS, the preflight fails with 405. Use -X OPTIONS in curl to reproduce this.

Can an API return 405 for a valid method?

If a route exists but the method is not one of the allowed methods, the API returns 405. For example, a read-only endpoint that receives a POST request will return 405 even if the POST endpoint exists on a different URL.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro