1 | # method-override
|
2 |
|
3 | [![NPM Version][npm-image]][npm-url]
|
4 | [![NPM Downloads][downloads-image]][downloads-url]
|
5 | [![Build Status][travis-image]][travis-url]
|
6 | [![Test Coverage][coveralls-image]][coveralls-url]
|
7 |
|
8 | Lets you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it.
|
9 |
|
10 | ## Install
|
11 |
|
12 | This is a [Node.js](https://nodejs.org/en/) module available through the
|
13 | [npm registry](https://www.npmjs.com/). Installation is done using the
|
14 | [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
|
15 |
|
16 | ```sh
|
17 | $ npm install method-override
|
18 | ```
|
19 |
|
20 | ## API
|
21 |
|
22 | **NOTE** It is very important that this module is used **before** any module that
|
23 | needs to know the method of the request (for example, it _must_ be used prior to
|
24 | the `csurf` module).
|
25 |
|
26 | ### methodOverride(getter, options)
|
27 |
|
28 | Create a new middleware function to override the `req.method` property with a new
|
29 | value. This value will be pulled from the provided `getter`.
|
30 |
|
31 | - `getter` - The getter to use to look up the overridden request method for the request. (default: `X-HTTP-Method-Override`)
|
32 | - `options.methods` - The allowed methods the original request must be in to check for a method override value. (default: `['POST']`)
|
33 |
|
34 | If the found method is supported by node.js core, then `req.method` will be set to
|
35 | this value, as if it has originally been that value. The previous `req.method`
|
36 | value will be stored in `req.originalMethod`.
|
37 |
|
38 | #### getter
|
39 |
|
40 | This is the method of getting the override value from the request. If a function is provided,
|
41 | the `req` is passed as the first argument, the `res` as the second argument and the method is
|
42 | expected to be returned. If a string is provided, the string is used to look up the method
|
43 | with the following rules:
|
44 |
|
45 | - If the string starts with `X-`, then it is treated as the name of a header and that header
|
46 | is used for the method override. If the request contains the same header multiple times, the
|
47 | first occurrence is used.
|
48 | - All other strings are treated as a key in the URL query string.
|
49 |
|
50 | #### options.methods
|
51 |
|
52 | This allows the specification of what methods(s) the request *MUST* be in in order to check for
|
53 | the method override value. This defaults to only `POST` methods, which is the only method the
|
54 | override should arrive in. More methods may be specified here, but it may introduce security
|
55 | issues and cause weird behavior when requests travel through caches. This value is an array
|
56 | of methods in upper-case. `null` can be specified to allow all methods.
|
57 |
|
58 | ## Examples
|
59 |
|
60 | ### override using a header
|
61 |
|
62 | To use a header to override the method, specify the header name
|
63 | as a string argument to the `methodOverride` function. To then make
|
64 | the call, send a `POST` request to a URL with the overridden method
|
65 | as the value of that header. This method of using a header would
|
66 | typically be used in conjunction with `XMLHttpRequest` on implementations
|
67 | that do not support the method you are trying to use.
|
68 |
|
69 | ```js
|
70 | var express = require('express')
|
71 | var methodOverride = require('method-override')
|
72 | var app = express()
|
73 |
|
74 | // override with the X-HTTP-Method-Override header in the request
|
75 | app.use(methodOverride('X-HTTP-Method-Override'))
|
76 | ```
|
77 |
|
78 | Example call with header override using `XMLHttpRequest`:
|
79 |
|
80 |
|
81 |
|
82 | ```js
|
83 | var xhr = new XMLHttpRequest()
|
84 | xhr.onload = onload
|
85 | xhr.open('post', '/resource', true)
|
86 | xhr.setRequestHeader('X-HTTP-Method-Override', 'DELETE')
|
87 | xhr.send()
|
88 |
|
89 | function onload () {
|
90 | alert('got response: ' + this.responseText)
|
91 | }
|
92 | ```
|
93 |
|
94 | ### override using a query value
|
95 |
|
96 | To use a query string value to override the method, specify the query
|
97 | string key as a string argument to the `methodOverride` function. To
|
98 | then make the call, send a `POST` request to a URL with the overridden
|
99 | method as the value of that query string key. This method of using a
|
100 | query value would typically be used in conjunction with plain HTML
|
101 | `<form>` elements when trying to support legacy browsers but still use
|
102 | newer methods.
|
103 |
|
104 | ```js
|
105 | var express = require('express')
|
106 | var methodOverride = require('method-override')
|
107 | var app = express()
|
108 |
|
109 | // override with POST having ?_method=DELETE
|
110 | app.use(methodOverride('_method'))
|
111 | ```
|
112 |
|
113 | Example call with query override using HTML `<form>`:
|
114 |
|
115 | ```html
|
116 | <form method="POST" action="/resource?_method=DELETE">
|
117 | <button type="submit">Delete resource</button>
|
118 | </form>
|
119 | ```
|
120 |
|
121 | ### multiple format support
|
122 |
|
123 | ```js
|
124 | var express = require('express')
|
125 | var methodOverride = require('method-override')
|
126 | var app = express()
|
127 |
|
128 | // override with different headers; last one takes precedence
|
129 | app.use(methodOverride('X-HTTP-Method')) // Microsoft
|
130 | app.use(methodOverride('X-HTTP-Method-Override')) // Google/GData
|
131 | app.use(methodOverride('X-Method-Override')) // IBM
|
132 | ```
|
133 |
|
134 | ### custom logic
|
135 |
|
136 | You can implement any kind of custom logic with a function for the `getter`. The following
|
137 | implements the logic for looking in `req.body` that was in `method-override@1`:
|
138 |
|
139 | ```js
|
140 | var bodyParser = require('body-parser')
|
141 | var express = require('express')
|
142 | var methodOverride = require('method-override')
|
143 | var app = express()
|
144 |
|
145 | // NOTE: when using req.body, you must fully parse the request body
|
146 | // before you call methodOverride() in your middleware stack,
|
147 | // otherwise req.body will not be populated.
|
148 | app.use(bodyParser.urlencoded())
|
149 | app.use(methodOverride(function (req, res) {
|
150 | if (req.body && typeof req.body === 'object' && '_method' in req.body) {
|
151 | // look in urlencoded POST bodies and delete it
|
152 | var method = req.body._method
|
153 | delete req.body._method
|
154 | return method
|
155 | }
|
156 | }))
|
157 | ```
|
158 |
|
159 | Example call with query override using HTML `<form>`:
|
160 |
|
161 | ```html
|
162 | <!-- enctype must be set to the type you will parse before methodOverride() -->
|
163 | <form method="POST" action="/resource" enctype="application/x-www-form-urlencoded">
|
164 | <input type="hidden" name="_method" value="DELETE">
|
165 | <button type="submit">Delete resource</button>
|
166 | </form>
|
167 | ```
|
168 |
|
169 | ## License
|
170 |
|
171 | [MIT](LICENSE)
|
172 |
|
173 | [npm-image]: https://img.shields.io/npm/v/method-override.svg
|
174 | [npm-url]: https://npmjs.org/package/method-override
|
175 | [travis-image]: https://img.shields.io/travis/expressjs/method-override/master.svg
|
176 | [travis-url]: https://travis-ci.org/expressjs/method-override
|
177 | [coveralls-image]: https://img.shields.io/coveralls/expressjs/method-override/master.svg
|
178 | [coveralls-url]: https://coveralls.io/r/expressjs/method-override?branch=master
|
179 | [downloads-image]: https://img.shields.io/npm/dm/method-override.svg
|
180 | [downloads-url]: https://npmjs.org/package/method-override
|