CORS: PATCH method is not allowed

[fnevgeny]

I believe in corsHeaders(), in

header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');

the PATCH method is missing.

Thanks for sharing the very useful code!

[tyzoid]

Thanks, do you have an example API endpoint that utilizes the PATCH method?

[fnevgeny]

PATCH is like PUT, but only for updating a part of an entity. In both cases you pass a JSON object of your choice, but while for PUT the object contains all fields, PATCH - only a subset; typically just one (e.g., changing password of a user without altering his/her name/lastname/etc)

[tyzoid]

Yeah, I get what PATCH is used for, but I'm trying to figure out if it makes sense to have a slightly different way of handling this type of request, or if it makes more sense to just treat them in the same manner as a POST internally. This is tangential to the bug at hand, but related.

[fnevgeny]

On success, POST returns 201, PATCH (like PUT) should return 204. Other than that, I don't think there should be any special treatment.