In CORS Spec:
If method is not a case-sensitive match for any of the values in list of methods do not set any additional headers and terminate this set of steps.
However in CorsEngine.cs:
```
if (policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod, StringComparer.OrdinalIgnoreCase))
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
```
If method is not a case-sensitive match for any of the values in list of methods do not set any additional headers and terminate this set of steps.
However in CorsEngine.cs:
```
if (policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod, StringComparer.OrdinalIgnoreCase))
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
```