New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop using PATCH #6294
Comments
We may be able to replace the |
"Stop using PATCH" - "our application is broken" "because nginx doesn't have PATCH enabled by default" - it is just a blatant lie.
As you can see |
And what you mean "not enabled" by the way ? |
Many modern hosts (like o2switch and others shared hosts plans) are disabling PATCH/PUT/DELETE verbs by default, except if you make a ticket that they can charge you up to an hour to make it work, so yes, there's should be an option somewhere to allow the use of internal "_method" property from Symfony. |
So just not use them, no ? |
Yeah we solved this by just enabling it in nginx but I think it wouldn't hurt if people wouldn't have to tinker with server/host to get this feature to work |
Because you generally discover this kind of thing after buying your hosting. It's a technical detail that they don't specify .... |
Especially when you don't have hand on server configuration on shared hosting or when the HTTP verb is firewall-filtered before nginx being aware of the http request. |
Your console log only shows you made a PATCH request, not if nginx handled it as such. |
How nginx should handled it ? It can do something like
in config, but it is NOT "by default" |
If you open the Symfony profiler you should see PATCH as the method. For us nginx was converting them to GET by default. |
|
Just realized that the |
And this is right. Dubious feature. |
Do you realize that not everyone can afford a dedicated server and that most shared hosting, still today, keep blocking PATCH/PUT/DELETE verbs for security. I agree that this is a dumb pretext, but you can do shit in this case without having a fallback proposed by Symfony to make the software working by a little and universal tweak (lot of frameworks are support this tweak today). Interoperability concept exists for this kind of precise case :/ |
Really ? For security ? How ?
Not support ugly providers and they allow PATCH/PUT/DELETE (fact) or close their business ) PS. Why ugly solutions should be in framework anyway ? |
That's literally the same excuse written by the support of 2 different hosting provider for "DDOS fighting purpose", I know its crap, but this is why we must keep supporting this tweak from Symfony. It does not change that much the security or maintainability of the code and keep a high level of Interoperability.
The hidden "_method" field is known across many frameworks to bypass inaccessible CRUD verbs blocked by cheap hosting providers :) |
But push it farther )
Sorry, does not use it. But argument ) |
The boolean toggles are broken for our application because nginx doesn't have
PATCH
enabled by default and it's somewhat complicated to change.https://gridpane.com/kb/making-nginx-accept-put-delete-and-patch-verbs/
Thoughts on making it use
POST
instead?The text was updated successfully, but these errors were encountered: