Difference between 'Allow' and 'Access-Control-Allow-Methods' in HTTP response header?
The Allow
header indicates what methods you accept at all.
It is not used by the browser; it's just for reference.
Access-Control-Allow-Methods
is for cross-domain AJAX requests; the browser will check that header before allowing you to send an AJAX request from a different domain.