Skip to content

Duplicate HTTP methods in 405 Allow header #996

Description

@alexedwards

It seems like when routes are registered which 'overlap' due to their wildcards, their methods are repeated in the Allow header in 405 responses.

Minimal runnable example: https://go.dev/play/p/wm5Roz8MSRJ

package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"

	"github.com/go-chi/chi/v5"
)

func main() {
	r := chi.NewRouter()

	r.Post("/article/1-2-3", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)

	})

	r.Post("/article/{a}", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)

	})

	r.Post("/article/{b}-{c}", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})

	r.Post("/article/{b}-{c}-{d}", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})

	server := httptest.NewServer(r)
	defer server.Close()

	// Send a request with an unsupported method
	res, err := http.Get(server.URL + "/article/1-2-3")
	if err != nil {
		log.Fatal(err)
	}

	fmt.Println("Status:", res.Status)
	fmt.Println("Header:", res.Header)
}

Outputs:

Status: 405 Method Not Allowed
Header: map[Allow:[POST POST POST POST] Content-Length:[0] Date:[Tue, 10 Nov 2009 23:00:00 GMT]]

The POST value in the Allow header is duplicated four times, which seems strange, and I think ideally it would only appear once.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions