Disable "http_method_override" by default #892
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
deployed
to
OskarStark
added a commit
to symfony/symfony-docs
that referenced
this pull request
Feb 8, 2021
This PR was merged into the 4.4 branch. Discussion ---------- Clarify the role of http_method_override See also symfony/recipes#892 Commits ------- 91ecbda Clarify the role of http_method_override
|
I'm in favor of this change but shouldn't we target only 5.3? |
|
We need to be careful here as such a change means that applications simulating DELETE requests won't work anymore. I don't remember if EasyAdminBundle, for example, uses them by default (@javiereguiluz any idea about this?). |
|
@xabbuh thanks for the ping! Yes, we did that in the past, but we now use a normal form with |
|
Thanks for the reply Javier! What about CMS like solutions like Sulu? |
Updated, for 5.3 only it is now.
This won't break any apps since that's only for new apps.
They already ship their own |
fabpot
approved these changes
Feb 10, 2021
chalasr
approved these changes
Feb 10, 2021
javiereguiluz
added a commit
to symfony/demo
that referenced
this pull request
Feb 17, 2021
This PR was merged into the main branch. Discussion ---------- Disable HTTP method override We don't need this since the changes introduced in #427 and this goes in sync with the official Symfony recipe: symfony/recipes#892 Commits ------- 47eb3d9 Disable HTTP method override
This was referenced Feb 24, 2021
weaverryan
added a commit
to symfony/maker-bundle
that referenced
this pull request
Mar 2, 2021
This PR was merged into the 1.0-dev branch. Discussion ---------- [make:crud] use POST method instead of DELETE Starting in Symfony 5.3, `framework.http_method_override` defaults to `false`. This prevents CRUD form submission for `PUT`, `PATCH` &/or `DELETE` methods. See symfony/recipes#892 ~This PR conditionally sets `http_method_override` to true when using `make:crud` if using Symfony 5.3+~ We stop using the `DELETE` method override in favor of using `POST` on the delete operation. Commits ------- fc9cd2a [make:crud] use post method for deletes
sayjun0505
added a commit
to sayjun0505/sym_proj
that referenced
this pull request
Apr 16, 2023
This PR was merged into the main branch. Discussion ---------- Disable HTTP method override We don't need this since the changes introduced in #427 and this goes in sync with the official Symfony recipe: symfony/recipes#892 Commits ------- 47eb3d9 Disable HTTP method override
mwhorse46
added a commit
to mwhorse46/sym_proj
that referenced
this pull request
Apr 16, 2023
This PR was merged into the main branch. Discussion ---------- Disable HTTP method override We don't need this since the changes introduced in #427 and this goes in sync with the official Symfony recipe: symfony/recipes#892 Commits ------- 47eb3d9 Disable HTTP method override
lchrusciel
added a commit
to Sylius/SyliusResourceBundle
that referenced
this pull request
Sep 9, 2023
…425) This PR was merged into the 1.11 branch. Discussion ---------- | Q | A | --------------- | ----- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Related tickets | | License | MIT 1/ Delete path name can have some conflicts depending on operation sorting. On previous routing system, these routing sorting system was hard-coded. If we place the Bulk delete operation after the delete operation, the bulk delete is broken due to path conflicts. 2/ On current version of Symfony, http method overrides is not enabled by default and then these paths have another issue with same path for delete and edit operation (with POST method). symfony/recipes#892 Before ``` app_backend_contact_create GET|POST ANY ANY /admin/contacts/new app_backend_contact_update GET|PUT ANY ANY /admin/contacts/{id}/edit app_backend_contact_bulk_delete DELETE ANY ANY /admin/contacts/bulk_delete app_backend_contact_delete DELETE ANY ANY /admin/contacts/{id} app_backend_contact_show GET ANY ANY /admin/contacts/{id} app_backend_contact_index GET ANY ANY /admin/contacts ``` After ``` app_backend_contact_create GET|POST ANY ANY /admin/contacts/new app_backend_contact_update GET|PUT ANY ANY /admin/contacts/{id}/edit app_backend_contact_bulk_delete DELETE ANY ANY /admin/contacts/bulk_delete app_backend_contact_delete DELETE ANY ANY /admin/contacts/{id}/delete app_backend_contact_show GET ANY ANY /admin/contacts/{id} app_backend_contact_index GET ANY ANY /admin/contacts ``` Commits ------- 2222054 Update delete path name to avoid route conflicts c59467d Fix PHPUnit tests
GSadee
pushed a commit
to Sylius/Resource
that referenced
this pull request
Feb 2, 2024
…425) This PR was merged into the 1.11 branch. Discussion ---------- | Q | A | --------------- | ----- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Related tickets | | License | MIT 1/ Delete path name can have some conflicts depending on operation sorting. On previous routing system, these routing sorting system was hard-coded. If we place the Bulk delete operation after the delete operation, the bulk delete is broken due to path conflicts. 2/ On current version of Symfony, http method overrides is not enabled by default and then these paths have another issue with same path for delete and edit operation (with POST method). symfony/recipes#892 Before ``` app_backend_contact_create GET|POST ANY ANY /admin/contacts/new app_backend_contact_update GET|PUT ANY ANY /admin/contacts/{id}/edit app_backend_contact_bulk_delete DELETE ANY ANY /admin/contacts/bulk_delete app_backend_contact_delete DELETE ANY ANY /admin/contacts/{id} app_backend_contact_show GET ANY ANY /admin/contacts/{id} app_backend_contact_index GET ANY ANY /admin/contacts ``` After ``` app_backend_contact_create GET|POST ANY ANY /admin/contacts/new app_backend_contact_update GET|PUT ANY ANY /admin/contacts/{id}/edit app_backend_contact_bulk_delete DELETE ANY ANY /admin/contacts/bulk_delete app_backend_contact_delete DELETE ANY ANY /admin/contacts/{id}/delete app_backend_contact_show GET ANY ANY /admin/contacts/{id} app_backend_contact_index GET ANY ANY /admin/contacts ``` Commits ------- 22220546a709117a2a39fa39ee6d059faf26cfc2 Update delete path name to avoid route conflicts c59467d660a7845d2ced23d43c90aa105e94299f Fix PHPUnit tests
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When this is turned on (the default) one can hit a route that accepts only PUT, but with a POST.
Shouldn't we disable this by default, as it's not that commonly needed, isn't it?