Contrib.social

Route validation does not preserve request method, defaults to GET

Open on Drupal.org →
Created on 25 August 2015, over 9 years ago
Updated 4 November 2024, about 2 months ago

In mymodule.routing.yml it is possible to define _method in route requirements to allow access using only specified request methods. It seems that route validation, however, does not preserve request method and defaults to GET requests, which will then fail the _method requirement always.

According to stack trace, the problem seems to lie in Drupal\Core\Routing\AccessAwareRouter::match, as the Request object is created from plain path without any other context.

mymodule.vote:
  path: '/foobar/vote'
  defaults:
    _controller: '\Drupal\mymodule\Controller\FoobarViewController::vote'
  requirements:
    _entity_access: 'foobar.view'
    _method: 'POST'

Symfony\Component\Routing\Exception\MethodNotAllowedException: in Symfony\Component\Routing\Matcher\UrlMatcher->match() (line 101 of core/vendor/symfony/routing/Matcher/UrlMatcher.php).

Drupal\Core\Routing\UrlMatcher->finalMatch(Object, Object)
Symfony\Cmf\Component\Routing\NestedMatcher\NestedMatcher->matchRequest(Object)
Symfony\Cmf\Component\Routing\DynamicRouter->matchRequest(Object)
Symfony\Cmf\Component\Routing\ChainRouter->doMatch('/kysy-kirjastonhoitajalta/vote', Object)
Symfony\Cmf\Component\Routing\ChainRouter->matchRequest(Object)
Drupal\Core\Routing\AccessAwareRouter->matchRequest(Object)
Drupal\Core\Routing\AccessAwareRouter->match('/kysy-kirjastonhoitajalta/vote')
Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUserAdmin->isAdminPath(Object)
Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUserAdmin->getLangcode(Object)
Drupal\language\LanguageNegotiator->negotiateLanguage('language_interface', 'language-user-admin')
Drupal\language\LanguageNegotiator->initializeType('language_interface')
Drupal\language\ConfigurableLanguageManager->getCurrentLanguage()
Drupal\language\EventSubscriber\LanguageRequestSubscriber->onKernelRequestLanguage(Object, 'kernel.request', Object)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.request', Object)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1)
Stack\StackedHttpKernel->handle(Object, 1, 1)
Drupal\Core\DrupalKernel->handle(Object)
🐛 Bug report
Status

Active

Version

11.0 🔥

Component

routing system

Created by

🇫🇮Finland sjuvonen

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 2 months ago
    🇫🇮Finland heikkiy Oulu

    I arrived here when debugging an issue that started after updating to Drupal 10.3. Our node translations started to work wrong and we were not able to save unpublished nodes. I originally thought the issue was with 🐛 Non-admins cannot save unpublished nodes with path alias Active and first tried solving the issue with Link to any page permission. But then I tried removing all core patches and removing the patch from #30 seemed to fix the problem.

    This issue seems outdated because 🐛 AccessAwareRouter does not respect HTTP method Fixed is closed and no new reports have been filed. We originally added this patch to fix editing media items in CKEditor but that problem doesn't seem to exist anymore without this patch.

  • Comment about 2 months ago
    🇫🇮Finland heikkiy Oulu

    I think this issue needs an issue summary update and verification if the problem still exists with supported Drupal versions.

  • Comment about 1 month ago
    🇮🇳India arunkumark Coimbatore

    Verified the issue with Drupal 11.x version. The issue still exists. Below are the observations,

    1. Created the custom module with routing
    2. Added below routing 

    foobar.vote:
  path: '/foobar/vote'
  defaults:
    _controller: '\Drupal\foobar\Controller\FooBarController::vote'
  requirements:
    _method: 'POST'
    _permission: 'access content'

    3. Accessed the URL /foobar/vote via the browser (i.e GET request by default)
    4. The page can be accessible without any deny
    5. Verified the URL link via the POST-MAN on GET and POST both are working.

    So, the issue may still persist.

    Also there is no change in the routing parameters. Hope #15 will not be valid.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024