diff --git a/core/modules/rest/config/rest.settings.yml b/core/modules/rest/config/rest.settings.yml
index e2699fc..a3c8d25 100644
--- a/core/modules/rest/config/rest.settings.yml
+++ b/core/modules/rest/config/rest.settings.yml
@@ -25,6 +25,11 @@ resources:
         - hal_json
       supported_auth:
         - basic_auth
+    OPTIONS:
+      supported_formats:
+        - hal_json
+      supported_auth:
+        - basic_auth
 
 # Multiple formats and multiple authentication providers can be defined for a
 # resource:
diff --git a/core/modules/rest/config/schema/rest.schema.yml b/core/modules/rest/config/schema/rest.schema.yml
index b9cb652..dd9982f 100644
--- a/core/modules/rest/config/schema/rest.schema.yml
+++ b/core/modules/rest/config/schema/rest.schema.yml
@@ -26,6 +26,9 @@ rest_resource:
     DELETE:
       type: rest_request
       label: 'DELETE method settings'
+    OPTIONS:
+      type: rest_request
+      label: 'OPTIONS method settings'
 
 rest_request:
   type: mapping
diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
index 9b3c792..f7aaf74 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
@@ -185,6 +185,32 @@ public function delete(EntityInterface $entity) {
   }
 
   /**
+   *
+   * @param EntityInterface $entity
+   * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
+   */
+  public function options(EntityInterface $entity) {
+    if (!$entity->access('view')) {
+      throw new AccessDeniedHttpException();
+    }
+    $allowed_methods = array('OPTIONS');
+    if ($entity->access('view')) {
+      $allowed_methods[] = 'GET';
+    }
+    if ($entity->access('delete')) {
+      $allowed_methods[] = 'DELETE';
+    }
+    if ($entity->access('create')) {
+      $allowed_methods[] = 'POST';
+    }
+    if ($entity->access('update')) {
+      $allowed_methods[] = 'PATCH';
+    }
+
+    return new ResourceResponse(NULL, 200, array('Allow' => implode(',', $allowed_methods)));
+  }
+
+  /**
    * Verifies that the whole entity does not violate any validation constraints.
    *
    * @param \Drupal\Core\Entity\EntityInterface $entity