In CORS Spec:
If method is not a case-sensitive match for any of the values in list of methods do not set any additional headers and terminate this set of steps.
However in CorsEngine.cs:
```
if (policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod, StringComparer.OrdinalIgnoreCase))
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
```
Comments: https://aspnetwebstack.codeplex.com/SourceControl/changeset/87b5360874b2dd2fbba429f7d46d1764338b0511
If method is not a case-sensitive match for any of the values in list of methods do not set any additional headers and terminate this set of steps.
However in CorsEngine.cs:
```
if (policy.AllowAnyMethod ||
policy.Methods.Contains(requestContext.AccessControlRequestMethod, StringComparer.OrdinalIgnoreCase))
{
result.AllowedMethods.Add(requestContext.AccessControlRequestMethod);
}
```
Comments: https://aspnetwebstack.codeplex.com/SourceControl/changeset/87b5360874b2dd2fbba429f7d46d1764338b0511