express icon indicating copy to clipboard operation
express copied to clipboard
Published 4 weeks ago verified publisher icon expressjs

Add methodNotAllowedCatcher Middleware and Example

Open NalinDalal opened this issue 3 months ago • 2 comments

Summary

This PR introduces a helper middleware, methodNotAllowedCatcher, to Express. This middleware allows users to easily send a 405 Method Not Allowed response with the correct Allow header for unsupported HTTP methods on a route. It is exposed via the main Express export for convenience. An example usage is also provided.

Changes

  • New Middleware: lib/methodNotAllowedCatcher.js — Helper middleware to send 405 and set the Allow header.
  • Export: Exposed as express.methodNotAllowedCatcher in lib/express.js.
  • Example: Added examples/method-not-allowed/index.js to demonstrate usage.
  • Dependencies: No new dependencies required.

resolves issue #2414

Usage

const express = require('express');

app.route('/user/:id')
  .get(getUser)
  .put(updateUser)
  .delete(deleteUser)
  .all(express.methodNotAllowedCatcher);

Example

Run the example:

node examples/method-not-allowed/index.js

Test with curl:

curl -i http://localhost:3000/user/1         # 200 OK, user data
curl -i -X PUT http://localhost:3000/user/1  # 200 OK, updated
curl -i -X DELETE http://localhost:3000/user/1 # 200 OK, deleted
curl -i -X POST http://localhost:3000/user/1 # 405 Method Not Allowed, Allow: GET, PUT, DELETE

Motivation

This addresses the long-standing feature request for an easy, opt-in way to handle 405 responses for routes defined with .route(). It is non-breaking and fully opt-in.

Related Issues

  • #2414: route() should handle 405 Method not allowed

Checklist

  • [x] Middleware implemented
  • [x] Exported via main Express object
  • [x] Example provided
  • [x] Tested via curl

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

NalinDalal avatar Oct 11 '25 09:10 NalinDalal

Thank you for the feedback and for referencing the history in #2414 .

I understand that making 405 handling automatic in .route() would be a breaking change, and that previous discussions have leaned toward opt-in solutions or providing examples. That’s why I’ve moved the middleware to an example, following the approach suggested in pillarjs/router#63 and related discussions.

This example provides a reusable, opt-in middleware for 405 responses with the correct Allow header, so users can easily add this behavior to their routes without changes to Express core.

If you’d prefer, I’m happy to move this to the router repo or publish it as a standalone utility. Please let me know how you’d like to proceed, or if you have any other suggestions!

NalinDalal avatar Oct 12 '25 12:10 NalinDalal

Please assign this to me.

shubhanshu2103 avatar Nov 05 '25 04:11 shubhanshu2103