Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Restrict allowed HTTP methods in HiddenHttpMethodFilter [SPR-16836] #21376
Cory Hahlbeck commented
Hey, is there any reason GET is not in the list of allowed methods? We used GET as a method parameter in a POST whenever requests would have exceeded the URL length limit, so this change breaks some functionality. It seems like it was decided to not include GET since there is no need to simulate it from a browser, but some of the other use cases of this class might be being overlooked.
Brian Clozel commented
Hi Cory Hahlbeck,
That's right - the main goal of this filter is to work around the inability of browsers to send HTTP forms with specific HTTP methods.
I'm not really in favor of adding the possibility for GET methods:
The implementation of this filter is really straightforward and your use case seems to be more about a workaround to a specific issue than a general use case for applications. In this case, I think your best bet is to create your own filter that will suit your needs.
Thanks for your feedback and don't hesitate to add more comments if you've got other use cases in mind for this.