Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

+server.js endpoints do not correctly return the allow header #8967

Closed
eltigerchino opened this issue Feb 9, 2023 · 0 comments · Fixed by #8968
Closed

+server.js endpoints do not correctly return the allow header #8967

eltigerchino opened this issue Feb 9, 2023 · 0 comments · Fixed by #8968

Comments

@eltigerchino
Copy link
Member

eltigerchino commented Feb 9, 2023
edited
Loading

Describe the bug

A list of allowed methods should be returned when making an invalid request to an endpoint.
However, no exported methods are being included in the allow header.

kit/packages/kit/src/runtime/server/utils.js

Line 44 in 51cd6e6

for (const method in ['GET', 'POST', 'PUT', 'PATCH', 'DELETE']) {

The issue stems from the in keyword comparing the index numbers instead of the http methods in the array. It should use the of keyword instead.
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for...of

Reproduction

https://stackblitz.com/edit/sveltejs-kit-template-default-v8r3ub?file=src%2Froutes%2F%2Bpage.svelte,src%2Froutes%2Ftest%2F%2Bserver.js&terminal=dev

Make a request to /test with a method that is not allowed such as PUT

Expected:
Response's allow header includes POST.

Actual:
Response's allow header is empty.

Logs

#### Browser console

Failed to load resource: the server responded with a status of 405 (Method Not Allowed)

System Info

System:
    OS: Linux 5.0 undefined
    CPU: (8) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 0 Bytes / 0 Bytes
    Shell: 1.0 - /bin/jsh
  Binaries:
    Node: 16.14.2 - /usr/local/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 7.17.0 - /usr/local/bin/npm
  npmPackages:
    @sveltejs/adapter-auto: ^2.0.0 => 2.0.0 
    @sveltejs/kit: ^1.5.0 => 1.5.0 
    svelte: ^3.54.0 => 3.55.1 
    vite: ^4.0.0 => 4.1.1

Severity

annoyance

Additional Information

No response
@eltigerchino eltigerchino mentioned this issue Feb 9, 2023
Merged
5 tasks
dummdidumm pushed a commit that referenced this issue Feb 9, 2023
@eltigerchino
fix: allow methods check (#8968)
bef54f6 
fixes #8967
@gtm-nayan gtm-nayan mentioned this issue Apr 13, 2023
Merged
5 tasks
dummdidumm pushed a commit that referenced this issue Apr 13, 2023
@gtm-nayan
fix: allow header methods list for 405s (#9655)
208877d 
see #8967 for explanation

regressed in #8731, probably because that PR started from an older branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: correctly check allowed endpoint methods
1 participant
@eltigerchino