AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
4xx Client Error
The 405 (Method Not Allowed) status code indicates that the method received in the request-line is known by the origin server but not supported by the target resource. The response must include an Allow header listing the supported methods. For example, an API endpoint might only accept GET and POST, and respond with 405 for PUT or DELETE requests.
When a client sends a DELETE request to a read-only endpoint that only supports GET, respond with 405 Method Not Allowed and include an Allow: GET header. This helps API consumers understand which methods are available without consulting external documentation.
// Laravel - returning 405 with allowed methods
return response()->json([
'error' => 'Method not allowed',
'allowed_methods' => ['GET', 'POST'],
], 405)
->header('Allow', 'GET, POST');
Mistake: Forgetting the Allow header in a 405 response
Fix: The HTTP spec requires an Allow header in 405 responses listing the supported methods. Without it, clients do not know which methods are valid.
Mistake: Returning 400 or 404 instead of 405 for wrong methods
Fix: Use 405 specifically when the endpoint exists but the HTTP method is wrong. It gives much clearer feedback than 400 (generic error) or 404 (wrong path).
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026