Hi, has anyone ever had a situation where a PATCH method over XHR (AJAX requests) was blocked by a firewall?
Basically we had a situation where a client was complaining that he couldn't update stuff on our app. We checked it: everywhere in the world it was working (we connected via VPN from several places).
Then they provided us a remote desktop (latest Windows, latest Chrome) so we tried it for ourselves from their network, and they were right. All PATCH methods via AJAX calls ended up with 405, but all PUT, POST, DELETE and GET methods were fine. We tried to track these PATCH requests in the application and Nginx logs, but it seems they never hit our server. So the conclusion is that their firewall never let the request leave the building.
Normal:
| Laptop PATCH -> Client's Firewall -> Load Balancer -> Nginx proxy -> Rails app (200 response) |
This firewall case:
| Laptop PATCH -> Client's Firewall (405 response) |
Due to lack of time to investigate this we just changed some of these problematic endpoints from PATCH to PUT, and everything was working!
My only explanation is that because PATCH is part of another (later introduced) RFC, their firewall must be super old and not registering PATCH as a valid method. Their sysadmin has no idea why this could be. But one clue is that the application is EdTech and the clients are schools => they may not necessarily have the latest technology in their networking stack. Also, nanny software may be present.
cross-reference to Reddit discussion on same question: https://www.reddit.com/r/rest/comments/5gkvba/patch_blocked_by_firewall/
A network administrator may restrict certain websites with a firewall to prevent them from being accessed, whether for protection from malicious content or to save bandwidth. If you figure out that a web page has been blocked due to such restrictions, you can sometimes unblock it by switching from Wi-Fi to mobile data.
Still don't quite know why this was happening, but I'm pretty sure that it was due to the PATCH method being younger than the firewall setup.
Basically, the proper workaround would be to replace PATCH with POST, as both are non-idempotent.
HTTP standard best practice says that you should not replace it with PUT, although some web frameworks (like Ruby on Rails) make it too darn easy. The thing is that you may end up with other problems due to intermediary devices repeating PUT, as it's idempotent.
I've summarized the entire story in an article: http://www.eq8.eu/blogs/37-post-create-and-put-updatepost
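The PATCH-to-POST workaround from the answer above, sketched as a client-side fallback; this is an added example, not code from the original post or its author. It assumes the server treats a POST carrying `X-HTTP-Method-Override: PATCH` as a PATCH (Rack::MethodOverride is one middleware that honors this header) and that every response produced by the application carries an `X-Request-Id` header; `patchWithFallback`, `blockedBeforeOrigin` and `fakeFilteredNetwork` are hypothetical names.

```javascript
// Added example: PATCH with a POST fallback for networks whose middlebox
// rejects PATCH before the request reaches the origin.
// Assumptions (not from the original post): the server treats
// POST + "X-HTTP-Method-Override: PATCH" as a PATCH, and every response
// generated by the application carries the header named in ORIGIN_MARKER.
const ORIGIN_MARKER = 'x-request-id';

// A 405 without the origin marker was produced in transit, not by the app.
function blockedBeforeOrigin(response) {
  return response.status === 405 && !response.headers.has(ORIGIN_MARKER);
}

async function patchWithFallback(url, payload, fetchImpl = globalThis.fetch) {
  const base = {
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  };
  const first = await fetchImpl(url, { ...base, method: 'PATCH' });
  if (!blockedBeforeOrigin(first)) {
    // Success, or a genuine error from the application: report it as-is.
    return { response: first, via: 'PATCH' };
  }
  // The method was refused in transit: resend the same body as POST and
  // tell the server which method was intended.
  const second = await fetchImpl(url, {
    ...base,
    method: 'POST',
    headers: { ...base.headers, 'X-HTTP-Method-Override': 'PATCH' },
  });
  return { response: second, via: 'POST+override' };
}

// Constructed stand-in for the filtered network in the question: the
// "firewall" answers PATCH itself with 405, everything else reaches the "app".
function fakeFilteredNetwork(log) {
  return async (url, init) => {
    log.push(init.method);
    if (init.method === 'PATCH') {
      return { status: 405, headers: new Map() };
    }
    return { status: 200, headers: new Map([[ORIGIN_MARKER, 'constructed-id']]) };
  };
}
```

Logging each time the fallback path is taken gives a per-network record of where PATCH is being filtered, which the server logs cannot show because the request never arrives.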