jacwright / RestServer

A PHP REST server for providing a very light-weight REST API.
MIT License
510 stars 194 forks source link

CORS: PATCH method is not allowed #109

Open fnevgeny opened 6 years ago

fnevgeny commented 6 years ago

I believe in corsHeaders(), in

header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');

the PATCH method is missing.

Thanks for sharing the very useful code!

tyzoid commented 6 years ago

Thanks, do you have an example API endpoint that utilizes the PATCH method?

fnevgeny commented 6 years ago

PATCH is like PUT, but only for updating a part of an entity. In both cases you pass a JSON object of your choice, but while for PUT the object contains all fields, PATCH - only a subset; typically just one (e.g., changing password of a user without altering his/her name/lastname/etc)

tyzoid commented 6 years ago

Yeah, I get what PATCH is used for, but I'm trying to figure out if it makes sense to have a slightly different way of handling this type of request, or if it makes more sense to just treat them in the same manner as a POST internally. This is tangential to the bug at hand, but related.

fnevgeny commented 6 years ago

On success, POST returns 201, PATCH (like PUT) should return 204. Other than that, I don't think there should be any special treatment.