or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.md
tile.json

tessl/npm-method-override

Express.js middleware that allows HTTP method override functionality for environments where clients don't natively support HTTP verbs like PUT, DELETE, and PATCH

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/method-override@3.0.x

To install, run

npx @tessl/cli install tessl/npm-method-override@3.0.0

index.mddocs/

Method Override

Method Override provides Express.js middleware that allows HTTP method override functionality, enabling the use of HTTP verbs like PUT, DELETE, and PATCH in environments where clients don't natively support them (such as HTML forms or legacy browsers).

Package Information

  • Package Name: method-override
  • Package Type: npm
  • Language: JavaScript
  • Installation: npm install method-override

Core Imports

const methodOverride = require('method-override');

For ES modules:

import methodOverride from 'method-override';

Basic Usage

const express = require('express');
const methodOverride = require('method-override');
const app = express();

// Use default X-HTTP-Method-Override header
app.use(methodOverride());

// Override using query parameter
app.use(methodOverride('_method'));

// Override using custom header
app.use(methodOverride('X-HTTP-Method'));

Architecture

Method Override is built around a simple middleware pattern:

  • Factory Function: The main export is a factory that creates Express.js middleware
  • Getter System: Configurable methods to extract override values from requests
  • Security Model: Restricts method override to specific request methods (POST by default)
  • Method Validation: Validates overridden methods against Node.js supported HTTP methods

Capabilities

Method Override Factory

Creates Express.js middleware to override the req.method property with a new value pulled from the provided getter.

/**
 * Creates method override middleware
 * @param {string|function} [getter='X-HTTP-Method-Override'] - Method to get override value
 * @param {object} [options] - Configuration options
 * @param {string[]} [options.methods=['POST']] - Allowed original request methods
 * @returns {function} Express.js middleware function
 */
function methodOverride(getter, options);

The middleware function signature:

/**
 * Express.js middleware that overrides req.method
 * @param {object} req - Express request object
 * @param {object} res - Express response object
 * @param {function} next - Next middleware function
 */
function middleware(req, res, next);

Usage Examples:

// Header-based override (default)
app.use(methodOverride());
app.use(methodOverride('X-HTTP-Method-Override'));

// Query parameter override
app.use(methodOverride('_method'));

// Custom function getter
app.use(methodOverride(function (req, res) {
  if (req.body && typeof req.body === 'object' && '_method' in req.body) {
    var method = req.body._method;
    delete req.body._method;
    return method;
  }
}));

// Multiple format support
app.use(methodOverride('X-HTTP-Method'));       // Microsoft
app.use(methodOverride('X-HTTP-Method-Override')); // Google/GData
app.use(methodOverride('X-Method-Override'));   // IBM

Getter Parameter

The getter parameter determines how to extract the override method from the request:

/**
 * Getter can be a string or function
 * @typedef {string|function} Getter
 */

/**
 * Custom getter function
 * @param {object} req - Express request object
 * @param {object} res - Express response object
 * @returns {string|undefined} Override method or undefined
 */
function customGetter(req, res);

String Getter Rules:

  • Header names: Strings starting with X- are treated as HTTP header names
  • Query parameters: All other strings are treated as query parameter keys
  • Default: 'X-HTTP-Method-Override' if not specified

Options Configuration

/**
 * Configuration options for method override
 * @typedef {object} MethodOverrideOptions
 * @property {string[]|null} [methods=['POST']] - Allowed original request methods
 */

Options Details:

  • methods: Array of HTTP methods that are allowed to be overridden
    • Default: ['POST']
    • Set to null to allow all methods (security risk)
    • Common values: ['POST'], ['POST', 'PATCH']

Request Object Modifications

The middleware modifies the Express request object:

/**
 * Properties added/modified on req object
 * @property {string} req.method - Overridden HTTP method (if valid override found)
 * @property {string} req.originalMethod - Original HTTP method (preserved)
 */

Client Usage Patterns

HTML Forms:

<form method="POST" action="/resource?_method=DELETE">
  <button type="submit">Delete resource</button>
</form>

XMLHttpRequest:

var xhr = new XMLHttpRequest();
xhr.open('POST', '/resource', true);
xhr.setRequestHeader('X-HTTP-Method-Override', 'PUT');
xhr.send(data);

Body Parameter (with custom getter):

<form method="POST" action="/resource" enctype="application/x-www-form-urlencoded">
  <input type="hidden" name="_method" value="DELETE">
  <button type="submit">Delete resource</button>
</form>

Security Considerations

  • Method Restriction: Override only works for specific request methods (POST by default)
  • Method Validation: Only Node.js supported HTTP methods are accepted
  • Custom Validation: Options.methods can restrict which original methods allow override
  • Header Handling: Multiple header values use first occurrence only

Error Handling

  • Invalid Methods: Unsupported override methods are ignored (no error thrown)
  • Missing Values: Missing override values result in no method change
  • Malformed Input: Gracefully handles malformed input without throwing errors