onInvalidHTTPMethod not firing with SES Interceptor


The SES Interceptor does not check for an onInvalidHTTPMethod() before throwing the standard error. Starting at line 130 in `coldbox/system/interceptors/SES.cfc`:


Evagoras Charalambous
March 5, 2016, 4:55 PM

That looks like it would work.

Jon Clausen
March 5, 2016, 5:06 PM

By setting it as a global, though, it's still not going to solve the core issue. For example, if you have an API handler that needs to always return JSON, but your app also has other handlers that need to render HTML, the global isn't going to solve the issue because it's going to force you to pick one: an HTML response or a JSON response.

Personally, I've now just gone the way of declaring the `onInvalidHTTPMethod` in my API routing method struct and letting the global method handle the HTML responses:

Ideally, though, you'd want the SES Interceptor to follow the ColdBox conventions. If an `onInvalidHTTPMethod` exists in the handler or the package, it should fire when the HTTPMethod isn't valid.

Evagoras Charalambous
March 5, 2016, 6:17 PM

We actually have cases where we serve JSON and PDFs under the same REST API endpoint, so makes a valid point. Thanks for thinking ahead on this, that totally escaped me.

Right now, to circumvent this issue, I have added the code change in the SES that I described above, and also added this to my base controller:

That, of course, results in a "405 Method Not Allowed" when a consumer calls an illegal method (like a DELETE for example), with this body:

Luis Majano
March 7, 2016, 4:03 PM

Ok, so how about making the ticket two parts:

1. Having a global onInvalidHTTPHandler() that can manage global invalid HTTP calls
2. Add an argument to the addRoute() called invalidHTTPHandler that can manage the invalid HTTP calls to that specific route permutation


Evagoras Charalambous
March 8, 2016, 12:02 AM

"Having a global onInvalidHTTPHandler() that can manage global invalid HTTP calls" should be the ideal and should take care of all types of content type return formats.

I am not sure how I would then use an invalidHTTPHandler in the addRoute(), but I suppose it couldn't hurt.



Luis Majano


Jon Clausen



Fix versions

Affects versions