Why does SlickStack block PUT and DELETE requests in Nginx
- This topic is empty.
-
AuthorPosts
-
December 8, 2022 at 9:52 am #3340BruceGuest
This has come up a few times so I thought we should have a forum thread for better SEO visibility… if you are using WordPress and Nginx and wondering why certain requests are result in 405 errors such as PUT, DELETE, PATCH etc…
https://github.com/littlebizzy/slickstack/issues/116
It’s because these are disallowed by default in modern servers for the most part, even if you’re not using SlickStack with Nginx.
December 8, 2022 at 9:54 am #3341ZacharyGuestThe immediate reaction from some “full stack” devs might be omg, WordPress is so annoying, or SlickStack is not working properly!
This isn’t the case… it’s usually that they are using unsafe/old-fashioned requests in their WordPress plugin or whatever application having problems….
December 8, 2022 at 9:56 am #3342RobertGuestThe truth is WordPress is pretty awesome here, because using the REST API you can send nearly anything using safer POST requests:
https://gridpane.com/kb/making-nginx-accept-put-delete-and-patch-verbs/
And then using query strings, you can generate pseudo-requests to accomplish things that are not typically included in POST requests, but can be with WordPress.
Example:
POST /wp-json/wp/v2/posts/42?_method=DELETE
December 8, 2022 at 9:57 am #3343MichelleGuestIf you review that article from GridPane they also provide a free “hack” you can add to your Nginx using a small
.conf
file to redirect non-POST requests as needed.But for SlickStack we don’t plan on adding this by default because it’s really just patching poorly coded plugins, etc.
The better solution is to fix the code in question to leverage the REST API better.
December 8, 2022 at 9:59 am #3344JesseGuestMore reading on this
December 15, 2022 at 9:00 am #3430RichardGuestAnd then using query strings, you can generate pseudo-requests to accomplish things that are not typically included in POST requests, but can be with WordPress.
Any properly coded WordPress plugin should be doing this via REST API.
If your plugin is not doing this, hacking your Nginx to accept non-POST requests is just decreasing security and avoiding a long-term solution.
August 30, 2023 at 12:58 pm #7707June 21, 2024 at 2:40 pm #25357ArthurGuestAugust 4, 2024 at 6:21 pm #25817BeverlyGuestHey guys, I understand the consequences but for a short time I need to enable PUT request, is there a way to achieve this with SS?
I am referring this guide: https://gridpane.com/kb/making-nginx-accept-put-delete-and-patch-verbs/But upon the SS monthly update PUT functionality will cease. please suggest how to keep edits even after the monthly updates.
Thanks.
August 5, 2024 at 5:15 am #25818EdwardGuestplease suggest how to keep edits even after the monthly updates
do you know which SlickStack cron job is overwriting your changes?
August 7, 2024 at 6:28 pm #25852DouglasGuestUnfortunately. No.
August 8, 2024 at 3:50 am #25853MichaelGuestafaik there is no cron job in SlickStack that overwrites Nginx config changes, unless you run
ss install
orss install nginx config
However the
SS_LOCKDOWN="true"
in your ss-config should also help avoid that. It’s still being worked on, with community feedback, but whentrue
it will prevent certain things from being overwritten. It’s not fully supported yet, still being developed. -
AuthorPosts