Fixed Method Not Allowed returning a 500 http code


I noticed that when a page requires the use of the POST method the server replies with a 500 error when using an invalid method (GET). This is handled by the _assertPostOnly() method in library/XenForo/Controller.php

The error visible on the page is "This action is available via POST only. Please press the back button and try again." As the error is related to the method used to access the page it should return a "405 Method Not Allowed" error instead of a 500.

You can reproduce by going to http://yoururl/login/login

The patch is attached to this message.



XenForo developer
Staff member
Good catch, though it needs a little bit more -- a 405 response MUST include an "Allow" header value, according to the spec. I've made additional changes to send that through as well.