#40886 closed defect (bug) (fixed)
REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.8.1 | Priority: | normal |
| Severity: | normal | Version: | 4.4 |
| Component: | REST API | Keywords: | fixed-major |
| Focuses: | rest-api | Cc: |
Description
Steps to reproduce:
- have a web server running nginx, or use wp docker or vvv fresh installs
- have fancy permalinks disabled, use the stock
?p=123ones - install the Gutenberg editor from https://github.com/WordPress/gutenberg as an activated plugin. Be sure to
npm install,npm run buildetc. - load the Gutenberg menu item in the sidebar
- Press Save draft button, then press Update, and you'll see an error message in the console:
PUT http://localhost/?rest_route=/wp/v2/posts/6 405 (Not Allowed)
If you go to Settings > Permalinks, and choosing any fancy permalink option, saving works fine.
From @pento:
So, it seems that
ngx_http_index_module, the nginx module that redirects/to/index.phpignores all methods exceptGET,HEAD, andPOST.
Editing the post sends aPUT, which is rejected.
See also, trac discussion starting here: https://wordpress.slack.com/archives/C02RQC26G/p1496136902282711
Attachments (3)
Change History (22)
#2
@
8 years ago
- Keywords has-patch has-unit-tests added
- Milestone changed from Awaiting Review to Future Release
While this does affect Gutenberg development, it's fairly edge case-y, with a known workaround (enable pretty permalinks).
Unless there's an urgent need for it otherwise, it can go into 4.9.
#3
@
8 years ago
While working around the issue isn't out of the question (I'd suggest that it shouldn't use the $is_nginx variable, and should just always return that, for consistency), I'm a little concerned that 40886.diff makes it seem like PUT not working isn't an expected behaviour.
It's completely an expected behaviour for a server not to accept a non-GET/HEAD/POST request, it's the exact reason why the `method` overrides are available in both WordPress and many other api platforms. (Also because sometimes in-between proxies/etc mangle requests)
Possibly this is something that could/should be handed by wp.js? If a request is rejected with 405 (Not Allowed) flip the flag and just use the overrides transparently?
#4
@
8 years ago
Yah, I agree about $is_nginx, that's a little overkill.
I don't really like fixing it only in wp-api.js, as then it's only fixed there, rather than fixed for anything that talks to the REST API.
Do we have examples of the REST API being broken by the server only accepting HTTP/1.0 methods? If so, we could look at a more generic solution, but otherwise, I think a small change for weird behaviour in a popular web server is appropriate.
#5
follow-up:
↓ 6
@
8 years ago
40886.2.diff is only handles nginx oddies. It doesn't solve about a thousand other things that can go wrong.
I'd pretty strongly argue that WordPress core should always only use GET/POST/HEAD and, as appropriate, the method overrides for any other methods. It's nice that the REST API server will accept PUT, DELETE, or what have you, but we can't expect servers to allow it. I wouldn't even wait for a 405, I'd just use the overrides.
#6
in reply to:
↑ 5
;
follow-up:
↓ 9
@
8 years ago
Replying to dd32:
I'm a little concerned that 40886.diff makes it seem like PUT not working isn't an expected behaviour.
I don't think this is an expected behavior. Common, or at least known under certain configurations, but still seems broken/buggy to me.
Replying to nacin:
40886.2.diff only handles nginx oddities
Though isn't it only needed for certain permalink structures? Unless I am missing something, the current patch reads as though it will add index.php to pretty permalinks as well.
I'd like to see more testing around different combinations of permalink structures + this issue, and that we don't add index.php unless the current permalink structure dictates that it's necessary.
I'd pretty strongly argue that WordPress core should always only use GET/POST/HEAD
This seems fine to me, though I'd also be in favor of working around what seems to me like buggy behavior.
This ticket was mentioned in Slack in #core-restapi by jnylen. View the logs.
8 years ago
#8
@
8 years ago
I experienced this myself whilst testing the live settings plugin. It was fixed by setting to non-default permalinks, but still something really needs fixing.
#9
in reply to:
↑ 6
@
8 years ago
- Keywords commit added
- Milestone changed from Future Release to 4.8.1
- Owner set to pento
- Status changed from new to assigned
Replying to jnylen0:
Though isn't it only needed for certain permalink structures? Unless I am missing something, the current patch reads as though it will add
index.phpto pretty permalinks as well.
40886.2.diff only adds index.php if permalink_structure is not set.
Unless anyone has further ideological problems with continuing Core's practice of quietly handling odd server behaviour as it crops up, I'm going to sneak this into 4.8.1 tomorrow, because bugging out while testing feature projects does not make for useful feedback.
#10
@
8 years ago
Yep, I misread the patch, sorry. This came up again today during Gutenberg development. +1 for commit.
#11
@
8 years ago
This may be also the issue reported at https://github.com/WordPress/gutenberg/issues/1935
Or it is closely related. Note that there the message is “406 Not Acceptable”.
#13
@
8 years ago
- Keywords fixed-major added
- Resolution fixed deleted
- Status changed from closed to reopened
#15
@
8 years ago
- Keywords has-patch has-unit-tests commit fixed-major removed
- Resolution fixed deleted
- Status changed from closed to reopened
Re-opening, I forgot to update wp-api-generated.js.
More discussion at https://github.com/WordPress/gutenberg/pull/862. Sending e.g. any API PUT request to a default install of VVV should be enough to reproduce this.