The HTTP 405 status code means the server doesn’t support the requested HTTP method for the requested resource.
For example, sending a POST request to an endpoint that only supports GET requests will trigger the HTTP 405 error.
When responding with this status code, the server might include the Allow header indicating supported HTTP methods.
Note that some firewalls and network ACLs might disable particular HTTP methods for increased security. OWASP recommends disabling the HTTP TRACE method because it can be used for the “Cross-Site Tracing (XST)” attack.
As of today, there are 9 available HTTP methods:
HTTP/1.0 and HTTP/1.1 defined LINK and UNLINK HTTP methods, but they never gained wide adoption.
Let’s send a PATCH request to Google’s homepage using curl:
curl -X PATCH -o /dev/null -vL --compressed https://www.google.com
Their servers respond with a 405 Method Not Allowed status code, including allowed HTTP methods:
HTTP/2 405
allow: GET, HEAD
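The server side of this exchange, as an added example that is not from the original page: a WSGI application that answers unsupported methods with 405 plus an Allow header and refuses TRACE on every path, as the OWASP recommendation above suggests. The routing table, the `BLOCKED` set and the `probe` helper are hypothetical names, and requests are made in-process with constructed environments rather than over a socket.

```python
from wsgiref.util import setup_testing_defaults

# Constructed routing table: the methods each path supports.
ROUTES = {
    "/": {"GET", "HEAD"},
    "/items": {"GET", "HEAD", "POST"},
}
# Methods refused on every path, even if a route lists them by mistake.
BLOCKED = {"TRACE"}
BODY = b"ok\n"


def app(environ, start_response):
    method = environ["REQUEST_METHOD"].upper()
    path = environ.get("PATH_INFO") or "/"
    allowed = ROUTES.get(path)
    if allowed is None:
        start_response("404 Not Found", [("Content-Length", "0")])
        return [b""]
    allowed = allowed - BLOCKED
    if method not in allowed:
        # 405: tell the client which methods this resource does accept.
        headers = [("Allow", ", ".join(sorted(allowed))), ("Content-Length", "0")]
        start_response("405 Method Not Allowed", headers)
        return [b""]
    headers = [("Content-Type", "text/plain"), ("Content-Length", str(len(BODY)))]
    start_response("200 OK", headers)
    return [b"" if method == "HEAD" else BODY]


def probe(method, path="/"):
    """Call the app in-process and return (status code, Allow header or None)."""
    environ = {}
    setup_testing_defaults(environ)  # fills in the required WSGI keys
    environ["REQUEST_METHOD"] = method
    environ["PATH_INFO"] = path
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"] = int(status.split()[0])
        seen["allow"] = dict(headers).get("Allow")

    list(app(environ, start_response))
    return seen["status"], seen["allow"]


if __name__ == "__main__":
    for m in ("GET", "PATCH", "TRACE"):
        print(m, probe(m))
```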