diff --git a/src/Application/Attributes/AllowedFor.php b/src/Application/Attributes/AllowedFor.php
new file mode 100644
index 000000000..5779f2c6d
--- /dev/null
+++ b/src/Application/Attributes/AllowedFor.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nette\Application\Attributes;
+
+use Attribute;
+
+
+#[Attribute(Attribute::TARGET_METHOD | Attribute::TARGET_CLASS)]
+class AllowedFor
+{
+	public function __construct(
+		public ?bool $httpGet = null,
+		public ?bool $httpPost = null,
+		public ?bool $forward = null,
+		public ?array $actions = null,
+		public ?bool $crossOrigin = null,
+	) {
+	}
+}
diff --git a/src/Application/UI/Component.php b/src/Application/UI/Component.php
index 3ea844ec7..b8909d106 100644
--- a/src/Application/UI/Component.php
+++ b/src/Application/UI/Component.php
@@ -129,6 +129,13 @@ public function checkRequirements($element): void
 		) {
 			$this->getPresenter()->detectedCsrf();
 		}
+
+		if ($attrs = $element->getAttributes(Nette\Application\Attributes\AllowedFor::class)) {
+			$method = strtolower($this->getPresenter()->getRequest()->getMethod());
+			if (empty($attrs[0]->newInstance()->$method)) {
+				throw new Nette\Application\BadRequestException("Method '$method' is not allowed.");
+			}
+		}
 	}