Skip to content
This repository has been archived by the owner on Jul 12, 2024. It is now read-only.

Avoid using "PUT" or "DELETE" HTTP methods #1934

Closed
DanReyLop opened this issue Mar 27, 2019 · 1 comment
Closed

Avoid using "PUT" or "DELETE" HTTP methods #1934

DanReyLop opened this issue Mar 27, 2019 · 1 comment

Comments

@DanReyLop
Copy link
Contributor

Originally discussed in woocommerce/woocommerce#23155

The WooCommerce REST API uses all the HTTP verbs (GET, POST, PUT, DELETE). Also, we've found (props @dechov for the find) that WooCommerce Admin is already relying on some PUT REST endpoints. Here, for example.

In WooCommerce Services, we've had user reports in the past regarding endpoints like those. An apache2 server, with mod_security configured with the most popular set of settings, will forbid any PUT or DELETE HTTP requests to hit the server at all.

Here's the issue, with more context: Automattic/woocommerce-services#930

Gutenberg fixed the same issue here: WordPress/gutenberg#4396 and here: WordPress/gutenberg#5741

Basically, the fix is to change all PUT requests that com from the client to POST requests with a X-HTTP-Method-Override: PUT HTTP header, or a _method=PUT querystring arg. Same with DELETE or PATCH requests.

@DanReyLop
Copy link
Contributor Author

Upon further investigation, you're using @wordpress/api-fetch in the client, which ends up including this middleware: https://github.com/WordPress/gutenberg/blob/d9768ad4294ffc08bed68459d342fa746f63aea4/packages/api-fetch/src/middlewares/http-v1.js

So, by virtue of using Gutenberg, this issue doesn't apply to you. Sorry for the noise :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant