You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

173 lines
6.2 KiB

  1. # method-override
  2. [![NPM Version][npm-image]][npm-url]
  3. [![NPM Downloads][downloads-image]][downloads-url]
  4. [![Build Status][travis-image]][travis-url]
  5. [![Test Coverage][coveralls-image]][coveralls-url]
  6. [![Gratipay][gratipay-image]][gratipay-url]
  7. Lets you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it.
  8. ## Install
  9. ```sh
  10. $ npm install method-override
  11. ```
  12. ## API
  13. **NOTE** It is very important that this module is used **before** any module that
  14. needs to know the method of the request (for example, it _must_ be used prior to
  15. the `csurf` module).
  16. ### methodOverride(getter, options)
  17. Create a new middleware function to override the `req.method` property with a new
  18. value. This value will be pulled from the provided `getter`.
  19. - `getter` - The getter to use to look up the overridden request method for the request. (default: `X-HTTP-Method-Override`)
  20. - `options.methods` - The allowed methods the original request must be in to check for a method override value. (default: `['POST']`)
  21. If the found method is supported by node.js core, then `req.method` will be set to
  22. this value, as if it has originally been that value. The previous `req.method`
  23. value will be stored in `req.originalMethod`.
  24. #### getter
  25. This is the method of getting the override value from the request. If a function is provided,
  26. the `req` is passed as the first argument, the `res` as the second argument and the method is
  27. expected to be returned. If a string is provided, the string is used to look up the method
  28. with the following rules:
  29. - If the string starts with `X-`, then it is treated as the name of a header and that header
  30. is used for the method override. If the request contains the same header multiple times, the
  31. first occurrence is used.
  32. - All other strings are treated as a key in the URL query string.
  33. #### options.methods
  34. This allows the specification of what methods(s) the request *MUST* be in in order to check for
  35. the method override value. This defaults to only `POST` methods, which is the only method the
  36. override should arrive in. More methods may be specified here, but it may introduce security
  37. issues and cause weird behavior when requests travel through caches. This value is an array
  38. of methods in upper-case. `null` can be specified to allow all methods.
  39. ## Examples
  40. ### override using a header
  41. To use a header to override the method, specify the header name
  42. as a string argument to the `methodOverride` function. To then make
  43. the call, send a `POST` request to a URL with the overridden method
  44. as the value of that header. This method of using a header would
  45. typically be used in conjunction with `XMLHttpRequest` on implementations
  46. that do not support the method you are trying to use.
  47. ```js
  48. var connect = require('connect')
  49. var methodOverride = require('method-override')
  50. // override with the X-HTTP-Method-Override header in the request
  51. app.use(methodOverride('X-HTTP-Method-Override'))
  52. ```
  53. Example call with header override using `XMLHttpRequest`:
  54. ```js
  55. var xhr = new XMLHttpRequest()
  56. xhr.onload = onload
  57. xhr.open('post', '/resource', true)
  58. xhr.setRequestHeader('X-HTTP-Method-Override', 'DELETE')
  59. xhr.send()
  60. function onload() {
  61. alert('got response: ' + this.responseText)
  62. }
  63. ```
  64. ### override using a query value
  65. To use a query string value to override the method, specify the query
  66. string key as a string argument to the `methodOverride` function. To
  67. then make the call, send a `POST` request to a URL with the overridden
  68. method as the value of that query string key. This method of using a
  69. query value would typically be used in conjunction with plain HTML
  70. `<form>` elements when trying to support legacy browsers but still use
  71. newer methods.
  72. ```js
  73. var connect = require('connect')
  74. var methodOverride = require('method-override')
  75. // override with POST having ?_method=DELETE
  76. app.use(methodOverride('_method'))
  77. ```
  78. Example call with query override using HTML `<form>`:
  79. ```html
  80. <form method="POST" action="/resource?_method=DELETE">
  81. <button type="submit">Delete resource</button>
  82. </form>
  83. ```
  84. ### multiple format support
  85. ```js
  86. var connect = require('connect')
  87. var methodOverride = require('method-override')
  88. // override with different headers; last one takes precedence
  89. app.use(methodOverride('X-HTTP-Method')) // Microsoft
  90. app.use(methodOverride('X-HTTP-Method-Override')) // Google/GData
  91. app.use(methodOverride('X-Method-Override')) // IBM
  92. ```
  93. ### custom logic
  94. You can implement any kind of custom logic with a function for the `getter`. The following
  95. implements the logic for looking in `req.body` that was in `method-override@1`:
  96. ```js
  97. var bodyParser = require('body-parser')
  98. var connect = require('connect')
  99. var methodOverride = require('method-override')
  100. // NOTE: when using req.body, you must fully parse the request body
  101. // before you call methodOverride() in your middleware stack,
  102. // otherwise req.body will not be populated.
  103. app.use(bodyParser.urlencoded())
  104. app.use(methodOverride(function(req, res){
  105. if (req.body && typeof req.body === 'object' && '_method' in req.body) {
  106. // look in urlencoded POST bodies and delete it
  107. var method = req.body._method
  108. delete req.body._method
  109. return method
  110. }
  111. }))
  112. ```
  113. Example call with query override using HTML `<form>`:
  114. ```html
  115. <!-- enctype must be set to the type you will parse before methodOverride() -->
  116. <form method="POST" action="/resource" enctype="application/x-www-form-urlencoded">
  117. <input type="hidden" name="_method" value="DELETE">
  118. <button type="submit">Delete resource</button>
  119. </form>
  120. ```
  121. ## License
  122. [MIT](LICENSE)
  123. [npm-image]: https://img.shields.io/npm/v/method-override.svg
  124. [npm-url]: https://npmjs.org/package/method-override
  125. [travis-image]: https://img.shields.io/travis/expressjs/method-override/master.svg
  126. [travis-url]: https://travis-ci.org/expressjs/method-override
  127. [coveralls-image]: https://img.shields.io/coveralls/expressjs/method-override/master.svg
  128. [coveralls-url]: https://coveralls.io/r/expressjs/method-override?branch=master
  129. [downloads-image]: https://img.shields.io/npm/dm/method-override.svg
  130. [downloads-url]: https://npmjs.org/package/method-override
  131. [gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg
  132. [gratipay-url]: https://www.gratipay.com/dougwilson/