HTTP 405 Method Not Allowed - What It Means and How to Fix It

Q: What does HTTP 405 Method Not Allowed mean?

HTTP 405 means the server recognizes the URL but the HTTP method used (GET, POST, PUT, DELETE, PATCH) is not supported for that endpoint. For example, trying to POST to a read-only resource or sending DELETE to an endpoint that only accepts GET. The response includes an Allow header listing which methods are supported.

Q: How do I fix a 405 error in a REST API?

Check the Allow header in the 405 response to see which methods are supported. Verify you are using the correct HTTP method for the operation: GET for reading, POST for creating, PUT/PATCH for updating, DELETE for removing. If the method should be supported, check your server route definitions — the route may be registered with a different method than intended.

Q: Why do I get 405 when submitting a form?

HTML forms only support GET and POST methods. If your form's action URL only has a GET handler but the form uses method='POST' (or vice versa), you will get a 405. Check the form's method attribute and ensure the server has a matching handler. Also check for trailing slash mismatches — /submit and /submit/ may route differently.

What Does HTTP 405 Method Not Allowed Mean?

HTTP 405 indicates that the server knows about the target resource and the URL is valid, but the HTTP method used in the request (GET, POST, PUT, DELETE, PATCH, etc.) is not supported for that resource. The resource exists, but you are trying to interact with it in a way it does not support.

The server must include an Allow header in the 405 response that lists the HTTP methods the resource does support. For example: Allow: GET, HEAD, OPTIONS. This tells the client exactly which methods to use instead.

This is different from 404 (resource does not exist) and 501 (server does not support the method at all). With 405, the resource is there and the server knows the method — it just will not let you use that method on this particular resource.

Common Causes

POST to a GET-only endpoint: Trying to send data to a resource that only supports reading. Example: POST /api/status when /api/status only accepts GET.
DELETE on a non-deletable resource: Some resources are immutable. Trying to DELETE an audit log entry or a system-generated record returns 405 because deletion is not a valid operation.
Trailing slash mismatch: POST /api/users may be defined, but POST /api/users/ (with trailing slash) routes to a different handler that only accepts GET. Many frameworks treat these as different routes.
CORS preflight confusion: An OPTIONS request succeeds (CORS preflight) but the actual POST or PUT fails with 405 because the route handler does not accept that method. This can happen when CORS is configured globally but routes are defined narrowly.
Static file server blocking methods: Trying to POST, PUT, or DELETE on a static file server that only serves files via GET. Nginx and Apache return 405 when you try to use unsupported methods on static content.

How to Fix It

Step 1: Check the Allow Header

$ curl -i -X DELETE https://api.example.com/users

HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
Content-Type: application/json

{"error": "DELETE is not supported on /users. Use DELETE /users/:id instead."}
      

Step 2: Check Your Route Definitions

// Express.js - Make sure methods match

// WRONG: Only GET is defined, POST will return 405
app.get('/api/contact', (req, res) => { ... });

// RIGHT: Define both GET and POST
app.get('/api/contact', (req, res) => {
  res.json({ message: 'Contact form endpoint' });
});
app.post('/api/contact', (req, res) => {
  // Handle form submission
  res.status(201).json({ message: 'Message sent' });
});
      

Django REST Framework

from rest_framework.views import APIView

class UserListView(APIView):
    # These are the only methods this view supports
    # Any other method automatically returns 405 with Allow header

    def get(self, request):
        """List users - GET is allowed"""
        return Response(UserSerializer(User.objects.all(), many=True).data)

    def post(self, request):
        """Create user - POST is allowed"""
        serializer = UserSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(serializer.data, status=201)

    # DELETE, PUT, PATCH are not defined → 405 Method Not Allowed
      

Nginx: Allow POST on Static Files

# If you need to accept POST on a location served by Nginx
# (e.g., forwarding to a backend)
location /api/ {
    # Proxy to backend that handles POST
    proxy_pass http://backend:3000;

    # Or if you intentionally want to handle POST as GET
    error_page 405 =200 $uri;  # Not recommended, but sometimes needed
}
      

Frequently Asked Questions

What does HTTP 405 Method Not Allowed mean?

It means the URL you are requesting exists, but the HTTP method you used (GET, POST, PUT, DELETE, etc.) is not supported for that specific resource. Check the Allow header in the response to see which methods the endpoint accepts, then retry with the correct method.

How do I fix a 405 error in a REST API?

First, read the Allow header in the 405 response. It lists the accepted methods. Common fix: you may be POSTing to a collection endpoint (/users) when you should be PUTing to a specific resource (/users/42). Also check for trailing slash differences and ensure your client library is sending the intended method.

Why do I get 405 when submitting a form?

HTML forms use GET or POST (set via the method attribute). If the server-side handler only accepts the opposite method, you get 405. Check your form's method attribute and match it to the server route. Also check for trailing slash mismatches — some frameworks treat /submit and /submit/ as different endpoints.

Related Status Codes

Related Tools

HTTP Status Codes Reference API Tester cURL Command Builder HTTP Headers Analyzer