33

It should be so simple. I've followed every tutorial and forum I could find, yet I can't get it to work. I simply want to build a RESTful API in PHP on Apache2.

In my VirtualHost directive I say:

<Directory />
    AllowOverride All
    <Limit GET HEAD POST PUT DELETE OPTIONS>
        Order Allow,Deny
        Allow from all
    </Limit>
</Directory>

Yet every PUT request I make to the server, I get 405 method not supported.

Someone advocated using the Script directive, but since I use mod_php, as opposed to CGI, I don't see why that would work.

People mention using WebDAV, but to me that seems like overkill. After all, I don't need DAV locking, a DAV filesystem, etc. All I want to do is pass the request on to a PHP script and handle everything myself. I only want to enable PUT and DELETE for the clean semantics.

Improve this question

6 Answers 6

Reset to default
18

You don't need to configure anything. Just make sure that the requests map to your PHP file and use requests with path info. For example, if you have in the root a file named handler.php with this content:

<?php

var_dump($_SERVER['REQUEST_METHOD']);
var_dump($_SERVER['REQUEST_URI']);
var_dump($_SERVER['PATH_INFO']);

if (($stream = fopen('php://input', "r")) !== FALSE)
    var_dump(stream_get_contents($stream));

The following HTTP request would work:

Established connection with 127.0.0.1 on port 81
PUT /handler.php/bla/foo HTTP/1.1
Host: localhost:81
Content-length: 5
 
boo
HTTP/1.1 200 OK
Date: Sat, 29 May 2010 16:00:20 GMT
Server: Apache/2.2.13 (Win32) PHP/5.3.0
X-Powered-By: PHP/5.3.0
Content-Length: 89
Content-Type: text/html
 
string(3) "PUT"
string(20) "/handler.php/bla/foo"
string(8) "/bla/foo"
string(5) "boo
"
Connection closed remotely.

You can hide the "php" extension with MultiViews or you can make URLs completely logical with mod_rewrite.

See also the documentation for the AcceptPathInfo directive and this question on how to make PHP not parse POST data when enctype is multipart/form-data.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Using cURL command line: "curl -X PUT --header "Content-Type: application/octet-stream" --data-binary "@1.gif" -v /handler.php/bla/foo" and inside PHP file dump contents into file. It works great. However, I need to send some extra information eg. token with the request to upload file. I think I should use POST.
The token can be in the header too ;)
This doesn't answer the question. @AndreasJansson, what did you change to get it working? I have the same problem, and saying "you don't need to do anything, it already works" is NOT HELPFUL.
I have the same problem. 405 error occur before it reach .php page. So I cannot map anything.
"Just make sure that the requests map to your PHP file" Right... but how? Agreed, not a helpful answer.
0

For me, the reason was that I accidentally made requests to a non existent path (/users).

Curiously, curl -v --request PUT localhost:8080/users returns 405 Method Not Allowed instead of the 404 Not Found I expected, whereas curl -v --request GET localhost:8080/users returns 404 Not Found.

curl -v --request PUT localhost:8080/ and curl -v --request DELETE localhost:8080/ return 200 OK as expected and reach the index.php in my DocumentRoot using nothing but the default php:apache docker image.

Improve this answer

Comments

-2

AllowOverride AuthConfig

try this. Authentication may be the problem. I was working with a CGI script written in C++, and faced some authentication issues when passed DELETE. The above solution helped me. It may help in your case too.

Also even if you don't get the solution for your problem of PUT and DELETE, do not stop working rather use "CORS". It is a google chrome app, which will help you bypass the problem, but remember it is a temporary solution, so that your work or experiments doesn't remain freeze for long. Obviously, you cannot ask your client to have "CORS" enabled to run your solution, as it may compromise systems security.

Improve this answer

1 Comment

Why do you think that authentication may be the root cause, despite the fact that the stated problem is a 405, not a 403? What has CORS got to do with either HTTP method acceptability, or authentication? Could you please clarify your answer, to make it clear which of these three concepts you're talking about?
-3

On linux, /etc/apache2/mods-enabled/php5.conf dans php5.load exists. If not, enables this modules (may require to sudo apt-get install libapache2-mod-php5).

Improve this answer

1 Comment

Can you please use the code tags? That makes it a lot more readable.
-4

IIRC the purpose of the form method attribute was to define different transport methods. Consequently, HTML 5.2 only defines GET, POST, and DIALOG methods for transport and dialog action, not how the server should process the data.

Ruby-on-rails solves this problem by using POST/GET for everything and adding a hidden form variable that defines the actual ReST method. This approach is more clumsy and error-prone, but does remove the burden from both the HTML standard and browser developers.

The form method was defined before ReST, so you cannot define ReST in HTML, even after enabling Apache and PHP because the browsers conform to HTML and therefore default to GET/POST for all non-HTML defined values. That means, when you send a form to the browser with a PUT method, the browser changes that to GET and uses that instead. The hidden variable, however, passes through everything unchanged, so you can use that to customise your form handling process.

Hope that helps

Improve this answer

9 Comments

Are you sure you meant "HTML"?
Well, no, it isn't.
Click on the link I gave you. Method can be omitted. Its default is GET.
Doesn't matter, anyway; this question is about the HTTP server returning an error code, not about HTML or Ruby-on-Rails or REST or whatever else you're talking about. The OP didn't even mention <form>.
It's not my opinion. I literally linked to the standard document lol
|
-8

The technical limitations with using PUT and DELETE requests does not lie with PHP or Apache2; it is instead on the burden of the browser to sent those types of requests.

Simply putting <form action="" method="PUT"> will not work because there are no browsers that support that method (and they would simply default to GET, treating PUT the same as it would treat gibberish like FDSFGS). Sadly those HTTP verbs are limited to the realm of non-desktop application browsers (ie: web service consumers).

Improve this answer

1 Comment

He said he wants a restful API so it may well have nothing to do browsers. Anyway, current browsers support PUT, DELETE etc. through the XmlHttpRequest

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.