How does django-rest-framework decide what the default `allowed_methods` should be for a `ModelViewSet`?

Question

The company I work for has 2 projects that use django and DRF 3.

• both projects have a ViewSet that extends ModelViewSet
• both ViewSets do not explicitly define the allowed_methods property and are just using whatever DRF figures should be the default
• both ViewSets do not override or define any handler methods (create(), update(), partial_update(), patch(), etc.)

However, in one project the allowed_methods property defaults to [u'GET', u'PUT', u'PATCH', u'DELETE', u'HEAD', u'OPTIONS']. For the other allowed_methods defaults to [u'GET', u'POST', u'HEAD', u'OPTIONS']. Consequently, I get a 405 response with

Method "PATCH" not allowed.

when I attempt to send a PATCH request.

What causes project 2 to be more restricted?

Answer 1

DRF only exposes Django's internal _allowed_methods() so we should review the implementation of that method:

def _allowed_methods(self):
    return [m.upper() for m in self.http_method_names if hasattr(self, m)]

where self.http_method_names is defined as:

http_method_names = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace']

Is there a difference in what methods these clases define that could explain what you're seeing?