No support for PATCH

  • Resolved oyvindwe

    (@oyvindwe)


    10 months, 2 weeks ago

    Another issue with version 1.2.2:

    The plugin does not allow PATCH as method (not possible to select in UI). Also, the commas should be be followed by space (” “)

    Default value:

    access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE

    With plugin enabled:

    access-control-allow-methods: GET,POST,OPTIONS,PUT,DELETE
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Dev Kabir

    (@devkabir)

    Have you tested these options after adding space? Could you please provide a relevant source link so that anyone can review your suggestion?

    Thread Starter oyvindwe

    (@oyvindwe)

    I can try to make a PR. Is there a git repo for the plugin code, or is it only available on the Subversion repo?

    Plugin Author Dev Kabir

    (@devkabir)

    It is only available on the Subversion repository.

    “No support for PATCH.”

    At this moment, most users of this plugin are utilizing it for GET, POST, and OPTIONS methods. If any 5 user, like yourself, opens or adds a thread to enable the PATCH method, I will include that in the next update.

    “Commas should be followed by a space (” “).”

    If you could explain or add a relevant resource link discussing the pros and cons of this, I would be grateful to you.

    Thread Starter oyvindwe

    (@oyvindwe)

    My main goal is to be able to restrict Access-Control-Allow-Origin for /wp-json and keep the other headers as is. This requires a plugin, and this one looks very nice, so I would be very happy to use it instead of writing my own.

    Without this installed plugin, I get this header (as posted above) for /wp-json:

    access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE

    I would like to retain the value. I actually don’t know if PATCH is in use or not, I’m not that familiar with the WordPress REST API.

    It is only available on the Subversion repository.

    “No support for PATCH.”

    At this moment, most users of this plugin are utilizing it for GET, POST, and OPTIONS methods. If any 5 user, like yourself, opens or adds a thread to enable the PATCH method, I will include that in the next update.

    OK – I tried to add “PATCH” to both the Javascript and PHP files, but I wasn’t able to make it appear in the admin UI.

    “Commas should be followed by a space (” “).”

    If you could explain or add a relevant resource link discussing the pros and cons of this, I would be grateful to you.

    Space is optional according to the spec, but improves readability. The plugin actually uses spaces in Access-Control-Allow-Headers

    Access-Control-Allow-Methods = #method
    Access-Control-Allow-Headers = #field-name

    https://fetch.spec.whatwg.org/#http-new-header-syntax

    #rule
    A construct “#” is defined, similar to “*”, for defining lists of elements. The full form is “<n>#<m>element” indicating at least <n> and at most <m> elements, each separated by one or more commas (“,”) and OPTIONAL linear white space (LWS).

    https://datatracker.ietf.org/doc/html/rfc2616#section-2.1
    Plugin Author Dev Kabir

    (@devkabir)

    Thank you for providing detailed information.

    My main goal is to be able to restrict?Access-Control-Allow-Origin?for?/wp-json?and keep the other headers as is.

    I believe plugin is well-equipped to achieve this goal effectively.

    ?I actually don’t know if PATCH is in use or not, I’m not that familiar with the WordPress REST API.

    Typically, the majority of requests involve GET and POST methods, with OPTIONS commonly employed for pre-flight requests. But as I promised you before,

    ?If any 5 user, like yourself, opens or adds a thread to enable the PATCH method, I will include that in the next update.

    Because,

    There are five extended versions of this plugin available outside the official repository, each tailored to meet specific client requirements. The versions outside the repository cater to more advanced needs. However, This plugin is designed as a basic solution, primarily targeting non-tech-savvy users seeking a straightforward CORS resolution.

    Considering your technical expertise, I believe you have the capability to address any security concerns that may arise, a proficiency that might surpass the typical user of this plugin. Many users of the basic version may not possess the same technical know-how.

    If you have any specific security considerations or if there’s anything you’d like assistance with, please feel free to share. Your insights are valuable in enhancing the overall user experience.

    Space is optional according to the spec, but improves readability.

    It’s important to note that the options’ reader is the server, and in this context, I don’t foresee any noticeable performance improvement with the inclusion of spaces.

    The plugin actually uses spaces in?Access-Control-Allow-Headers

    I will remove space in next update.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘No support for PATCH’ is closed to new replies.