Slim3 - Properly handle non-allowed HTTP method

Created on 11 Dec 2015 · 12 Comments · Source: slimphp/Slim

Hello,

Version : Slim 3 latest 48fb2ce25255ad73f0c322f8914d289d8e55e923

Uncaught Exception when sending a non-allowed custom HTTP method.
Exception is thrown when the Container registers the Http/Request service, so no "slim app error message" could be shown.

Example with a custom "AAA" method :

AAA /Slim-3.x/ HTTP/1.1
Host: 127.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive

Result :

Uncaught exception 'InvalidArgumentException',
'Unsupported HTTP method "AAA" provided' in Http/Request.php : 316

Whereas when using :

GET /Slim-3.x/ HTTP/1.1
...
X-Http-Method-Override: AAA

Everything is working fine because the Container's errorHandler is set and does its job.

Slim 3

All 12 comments

We will need to see code that shows this issue.

@akrabat I have nothing more than a fresh install from Slim3 repo.

require 'vendor/autoload.php';

$app = new Slim\App();

$app->get('/', function ($request, $response, $args) {
    $response->write("Welcome to Slim!");
    return $response;
});

$app->run();

Reproduce : simply do a request with a custom HTTP method, example with CURL :

curl 'http://127.0.0.1/Slim-3.x/' -X AAA

( where "AAA" is the custom HTTP method, could be anything not in Http\Request::$validMethods )

You need to change your code to use the map method, but we still need to allow custom HTTP methods.

Or at least I think this is what this should look like.

$app->router->addMethod('AAA');

$app->map(['AAA'], '/', function ($request, $response, $args) {
    $response->write("Welcome to Slim!");
    return $response;
});

What's the use-case for using an HTTP method that's not part of the spec?

I think it shouldn't be an uncaught exception though.

I found this when mistyping a method, whatever. I agree, the way it's implemented shouldn't change.

What I was trying to say is that when trying to override the method (using form[_METHOD] or the X-Http-Method-Override header) and this method isn't in the "acceptable" list of methods (Http\Request->validMethods), it throws an exception, the app catches it, then returns a response (the Not-allowed handler).

Whereas when directly putting a non-valid method (ABC /folder/ HTTP/1.1), the exception is thrown like it always does, but that's all.

In this example, the Not-allowed handler is only used when overriding the method while I think it should be used for both.

Sorry, my English is somewhat crappy, I hope you'll get it all :)

Hello guys,

I will be adding support to define custom HTTP methods, which will solve part of the issue described here and provide additional functionality to the framework. I will go about it in a similar fashion as geggleto proposed in the above post.

Looking forward to thoughts, feedback and comments once I submit a pull request later this week.

I have the same problem, any solution?

Can see how this is Slim's responsibility to check/validate?

I'm not sure that we can use the Slim ErrorHandler.

The request has thrown the exception on construction. Hence we don't have a valid request object with which to run the error handler.

Sorry to reopen, but here's a use case:
When a domain computer with Windows 7 Enterprise is browsing via Samba for network shares to the computer with Slim 3.1.0, it makes the following request to port 80:

"PROPFIND / HTTP/1.1" 200 1146 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"

Apache's error log posts the following:

[:error] [pid 169185] [client x.x.x.x:57097] PHP Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Unsupported HTTP method "PROPFIND" provided' in /var/www/html/vendor/slim/slim/Slim/Http/Request.php:327\nStack trace:\n#0 /var/www/html/vendor/slim/slim/Slim/Http/Request.php(179): Slim\\Http\\Request->filterMethod('PROPFIND')\n#1 /var/www/html/vendor/slim/slim/Slim/Http/Request.php(146): Slim\\Http\\Request->__construct('PROPFIND', Object(Slim\\Http\\Uri), Object(Slim\\Http\\Headers), Array, Array, Object(Slim\\Http\\RequestBody), Array)\n#2 /var/www/html/vendor/slim/slim/Slim/Container.php(131): Slim\\Http\\Request::createFromEnvironment(Object(Slim\\Http\\Environment))\n#3 /var/www/html/vendor/pimple/pimple/src/Pimple/Container.php(113): Slim\\Container->Slim\\{closure}(Object(Slim\\Container))\n#4 /var/www/html/vendor/slim/slim/Slim/Container.php(266): Pimple\\Container->offsetGet('request')\n#5 /var/www/html/vendor/slim/slim/Slim/App.php(299): Slim\\Container->get('request')\n#6 /var/www/html/public/index.php(16): Slim\\App->run()\n#7 {main}\n thrown in /var/www/html/vendor/slim/slim/Slim/Http/Request.php on line 327

Would be nice not to have random errors in the log.

I've noticed the same exception being thrown in production by something calling the "PROPFIND" method. I think it would be good to catch this gracefully.

Same here... with "PROPFIND" request method "hack".

Would like to be able to use methodNotAllowed handler instead.

@robertprice I added a hack in my Request child class... maybe it helps ;)

https://github.com/ansas/php-component/blob/93b085481a5730010af171627d7172baa6bb9a0f/src/Slim/Http/ExtendedRequest.php#L30-L51
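
As an added example (not code from this thread or from Slim itself), one way to keep the uncaught exception out of the logs is to check the request-line method in the front controller before `$app->run()` constructs the Request object. The allow-list and the helper name `rejectUnsupportedMethod` are assumptions; the override header path is left to Slim's own handler, which the thread reports as already working.

```php
<?php
// Added example: front-controller guard, not Slim's own code.
// ALLOWED_METHODS is an assumption; align it with the methods your routes use.
const ALLOWED_METHODS = ['GET', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'];

/**
 * Decide how to answer a request method before the framework sees it.
 * Returns null when the method may proceed, otherwise [status, headers, body].
 */
function rejectUnsupportedMethod(string $method, array $allowed = ALLOWED_METHODS): ?array
{
    if (in_array($method, $allowed, true)) {
        return null;
    }
    // 405 refuses the method; the Allow header lists what is accepted.
    $headers = ['Allow' => implode(', ', $allowed), 'Content-Type' => 'text/plain'];
    return [405, $headers, "Method Not Allowed\n"];
}

require 'vendor/autoload.php';

$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
$rejection = rejectUnsupportedMethod($method);
if ($rejection !== null) {
    list($status, $headers, $body) = $rejection;
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    // Log one sanitized line instead of a fatal error with a stack trace.
    $safeMethod = preg_replace('/[^A-Za-z0-9_-]/', '?', substr($method, 0, 32));
    $client = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
    error_log(sprintf('Rejected HTTP method "%s" from %s', $safeMethod, $client));
    echo $body;
    exit;
}

// Only methods on the allow-list reach Request construction inside run().
$app = new Slim\App();
$app->get('/', function ($request, $response, $args) {
    $response->write("Welcome to Slim!");
    return $response;
});
$app->run();
```

With this guard, a request such as the `PROPFIND` one quoted above receives a 405 with an `Allow` header, and the log records a single line rather than a PHP fatal error.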
