or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

tessl/npm-method-override

Express.js middleware that allows HTTP method override functionality for environments where clients don't natively support HTTP verbs like PUT, DELETE, and PATCH

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/method-override@3.0.x

To install, run

npx @tessl/cli install tessl/npm-method-override@3.0.0
0
# Method Override
1


2
Method Override provides Express.js middleware that allows HTTP method override functionality, enabling the use of HTTP verbs like PUT, DELETE, and PATCH in environments where clients don't natively support them (such as HTML forms or legacy browsers).
3


4
## Package Information
5


6
- **Package Name**: method-override
7
- **Package Type**: npm
8
- **Language**: JavaScript
9
- **Installation**: `npm install method-override`
10


11
## Core Imports
12


13
```javascript
14
const methodOverride = require('method-override');
15
```
16


17
For ES modules:
18


19
```javascript
20
import methodOverride from 'method-override';
21
```
22


23
## Basic Usage
24


25
```javascript
26
const express = require('express');
27
const methodOverride = require('method-override');
28
const app = express();
29


30
// Use default X-HTTP-Method-Override header
31
app.use(methodOverride());
32


33
// Override using query parameter
34
app.use(methodOverride('_method'));
35


36
// Override using custom header
37
app.use(methodOverride('X-HTTP-Method'));
38
```
39


40
## Architecture
41


42
Method Override is built around a simple middleware pattern:
43


44
- **Factory Function**: The main export is a factory that creates Express.js middleware
45
- **Getter System**: Configurable methods to extract override values from requests
46
- **Security Model**: Restricts method override to specific request methods (POST by default)
47
- **Method Validation**: Validates overridden methods against Node.js supported HTTP methods
48


49
## Capabilities
50


51
### Method Override Factory
52


53
Creates Express.js middleware to override the `req.method` property with a new value pulled from the provided getter.
54


55
```javascript { .api }
56
/**
57
 * Creates method override middleware
58
 * @param {string|function} [getter='X-HTTP-Method-Override'] - Method to get override value
59
 * @param {object} [options] - Configuration options
60
 * @param {string[]} [options.methods=['POST']] - Allowed original request methods
61
 * @returns {function} Express.js middleware function
62
 */
63
function methodOverride(getter, options);
64
```
65


66
The middleware function signature:
67


68
```javascript { .api }
69
/**
70
 * Express.js middleware that overrides req.method
71
 * @param {object} req - Express request object
72
 * @param {object} res - Express response object
73
 * @param {function} next - Next middleware function
74
 */
75
function middleware(req, res, next);
76
```
77


78
**Usage Examples:**
79


80
```javascript
81
// Header-based override (default)
82
app.use(methodOverride());
83
app.use(methodOverride('X-HTTP-Method-Override'));
84


85
// Query parameter override
86
app.use(methodOverride('_method'));
87


88
// Custom function getter
89
app.use(methodOverride(function (req, res) {
90
  if (req.body && typeof req.body === 'object' && '_method' in req.body) {
91
    var method = req.body._method;
92
    delete req.body._method;
93
    return method;
94
  }
95
}));
96


97
// Multiple format support
98
app.use(methodOverride('X-HTTP-Method'));       // Microsoft
99
app.use(methodOverride('X-HTTP-Method-Override')); // Google/GData
100
app.use(methodOverride('X-Method-Override'));   // IBM
101
```
102


103
### Getter Parameter
104


105
The getter parameter determines how to extract the override method from the request:
106


107
```javascript { .api }
108
/**
109
 * Getter can be a string or function
110
 * @typedef {string|function} Getter
111
 */
112


113
/**
114
 * Custom getter function
115
 * @param {object} req - Express request object
116
 * @param {object} res - Express response object
117
 * @returns {string|undefined} Override method or undefined
118
 */
119
function customGetter(req, res);
120
```
121


122
**String Getter Rules:**
123
- **Header names**: Strings starting with `X-` are treated as HTTP header names
124
- **Query parameters**: All other strings are treated as query parameter keys
125
- **Default**: `'X-HTTP-Method-Override'` if not specified
126


127
### Options Configuration
128


129
```javascript { .api }
130
/**
131
 * Configuration options for method override
132
 * @typedef {object} MethodOverrideOptions
133
 * @property {string[]|null} [methods=['POST']] - Allowed original request methods
134
 */
135
```
136


137
**Options Details:**
138
- **methods**: Array of HTTP methods that are allowed to be overridden
139
  - Default: `['POST']`
140
  - Set to `null` to allow all methods (security risk)
141
  - Common values: `['POST']`, `['POST', 'PATCH']`
142


143
### Request Object Modifications
144


145
The middleware modifies the Express request object:
146


147
```javascript { .api }
148
/**
149
 * Properties added/modified on req object
150
 * @property {string} req.method - Overridden HTTP method (if valid override found)
151
 * @property {string} req.originalMethod - Original HTTP method (preserved)
152
 */
153
```
154


155
### Client Usage Patterns
156


157
**HTML Forms:**
158
```html
159
<form method="POST" action="/resource?_method=DELETE">
160
  <button type="submit">Delete resource</button>
161
</form>
162
```
163


164
**XMLHttpRequest:**
165
```javascript
166
var xhr = new XMLHttpRequest();
167
xhr.open('POST', '/resource', true);
168
xhr.setRequestHeader('X-HTTP-Method-Override', 'PUT');
169
xhr.send(data);
170
```
171


172
**Body Parameter (with custom getter):**
173
```html
174
<form method="POST" action="/resource" enctype="application/x-www-form-urlencoded">
175
  <input type="hidden" name="_method" value="DELETE">
176
  <button type="submit">Delete resource</button>
177
</form>
178
```
179


180
## Security Considerations
181


182
- **Method Restriction**: Override only works for specific request methods (POST by default)
183
- **Method Validation**: Only Node.js supported HTTP methods are accepted
184
- **Custom Validation**: Options.methods can restrict which original methods allow override
185
- **Header Handling**: Multiple header values use first occurrence only
186


187
## Error Handling
188


189
- **Invalid Methods**: Unsupported override methods are ignored (no error thrown)
190
- **Missing Values**: Missing override values result in no method change
191
- **Malformed Input**: Gracefully handles malformed input without throwing errors