You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 12, 2024. It is now read-only.
The WooCommerce REST API uses all the HTTP verbs (GET, POST, PUT, DELETE). Also, we've found (props @dechov for the find) that WooCommerce Admin is already relying on some PUT REST endpoints. Here, for example.
In WooCommerce Services, we've had user reports in the past regarding endpoints like those. An apache2 server, with mod_security configured with the most popular set of settings, will forbid any PUT or DELETE HTTP requests to hit the server at all.
Basically, the fix is to change all PUT requests that com from the client to POST requests with a X-HTTP-Method-Override: PUT HTTP header, or a _method=PUT querystring arg. Same with DELETE or PATCH requests.
The text was updated successfully, but these errors were encountered:
Originally discussed in woocommerce/woocommerce#23155
The WooCommerce REST API uses all the HTTP verbs (
GET
,POST
,PUT
,DELETE
). Also, we've found (props @dechov for the find) that WooCommerce Admin is already relying on somePUT
REST endpoints. Here, for example.In WooCommerce Services, we've had user reports in the past regarding endpoints like those. An
apache2
server, withmod_security
configured with the most popular set of settings, will forbid anyPUT
orDELETE
HTTP requests to hit the server at all.Here's the issue, with more context: Automattic/woocommerce-services#930
Gutenberg fixed the same issue here: WordPress/gutenberg#4396 and here: WordPress/gutenberg#5741
Basically, the fix is to change all
PUT
requests that com from the client toPOST
requests with aX-HTTP-Method-Override: PUT
HTTP header, or a_method=PUT
querystring arg. Same withDELETE
orPATCH
requests.The text was updated successfully, but these errors were encountered: