5

I have a laravel API. For those that don't know, Laravel uses method spoofing to deal with PUT and DELETE methods so it reads a POST call with _method=[PUT|DELETE] as a PUT or DELETE method.

We test our API with Postman. In postman I can send true DELETE and PUT calls to the server without having to spoof. Up until today both methods worked fine.

Today, our beta server will allow PUT / DELETE methods through but it strips the body parameters from it. This is ONLY happening on our beta server which leads me to believe it to be a server issue but nothing has changed on our server for months. Its CentOS 6.8 using Apache and php 7. The requests get through and then laravel promptly responds as if none of the body parameters exist, whether its a validation error or deleting everything instead of only a certain thing.

Bill Garrison
  • 2,226
  • 3
  • 34
  • 75
  • I don't know the laravel API, but i wonder: Could it possibly be related to the OPTIONS request that usually is sent before the PUT? Maybe the server should include more allowed headers when it responds to the OPTIONS (though the problem is with the body...). – heringer Oct 19 '16 at 12:31
  • I was under the impression that the options call only happens with a browser request...this is directly from postman – Bill Garrison Oct 19 '16 at 12:33
  • Yeah, i think you're right, i just read this: "[Using chrome/postman or curl the request succeeds because the OPTIONS request is never sent.](https://www.parse.com/questions/creating-a-role-cors-not-allowed-by-access-control-allow-origin)" . – heringer Oct 19 '16 at 12:42
  • any output of `file_get_contents('php://input')` on beta server? – Ben Feb 03 '18 at 07:20

0 Answers0