Use Reflection to Auto Populate the Allow Header
Based on the current Route being executed, it should be possible to detect HTTP methods the same route supports and therefore populate the Allow header in the response. e.g. whilst performing a GET on /api/values it should be possible to detect that the route supports both GET and POST (in fact the code I presume already has this list so that it knows which Action to call). The Allow header could then be populated with GET, POST.
The icing on the cake would be that the Authorize attribute is still checked so if the caller does not have permission to use one of the methods, then that method is dropped from the list.
Sigurdur G. Gunnarsson commented
I would like the see auto-populated OPTIONS out of the box, and don't see why people would not like it?
Shiv Kumar commented
I don't like this idea. It's simple enough to do it yourself as Daniel suggests too. Please don't do this. If you do, don't make it the default behavior
We don't currently plan on providing support out of the box for the Allow header or OPTIONS requests, but it should be possible to enable this yourself in a cross cutting way using action filters. We are certainly interested in hearing though if the community thinks this needs to be in the box.