Change Request method via middleware

[shish]

Long story short

Browsers still only support GET and POST on HTML forms. I want to make a web front end for my REST API which includes DELETEing things, without having to use javascript. The standard suggestion here is to use POST and have a hidden field <input type="hidden" name="_method" value="DELETE">, and then have your middleware redirect that request to use the DELETE handler.

Expected behaviour

There should be some way to do this

Actual behaviour

As far as I can tell this is impossible with aiohttp?

Steps to reproduce

    @web.middleware
    async def set_method(request, handler):
        data = await request.post()
        if '_method' in data:
            request.method = data['_method']  # doesn't work because method is reified and immutable
            request._method = data['_method']  # has no effect because method is reified
            request = request.clone(method=data['_method'])  # can't clone a request after calling .post() on it
        return await handler(request)

in all cases the route handler for POST gets called instead of DELETE :(

Your environment

3.5.2 server

[aio-libs-bot]

GitMate.io thinks the contributor most likely able to help you is @asvetlov.

Possibly related issues are #2919 (Call method to clean middleware class), #3097 (aiohttp middleware and replacing a request in flight), #2225 (Middleware factory is run for every single request), #1392 (Issue with ClientSession.request('POST') method), and #491 (Handling basic auth with a middleware or a request annotation).

[shish]

Custom Routing Criteria looks like maybe it could work, but I would have to manually override all of my routes, I can't just say "if _method==DELETE, call .delete() instead of .post()" in one place?

[asvetlov]

The problem is: if you started to read request body (await request.post()) you cannot change the request because its body is at least partially consumed.

[shish]

If the request can't be modified, is there an elegant way to re-route the request as-is? The high-level goal is just that a POST with _method=DELETE should go to the route that has been configured to handle DELETE, without having to add

def post(self):
    data = await self.request.post()
    if data.get("_method") == "DELETE":
        return await self.delete()

def delete(self):
    [...]

into every web.View individually

[arthurdarcet]

you could create a base view such as

class BaseView:
    async def post(self):
        data = await self.request.post()
        if data.get('_method') == 'delete':
            return await self.delete()
        return await self.real_post()

    async def real_post(self):
        return await super().post() # will raise a 405

class View(BaseView):
    async def delete(self):
        ...
    async def real_post(self):
        ...

or you can do some weird magic with metaclasses or __init_subclass__ to have real_post named post in the child classes, but that's up to you

[lock]

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.