Add methodNotAllowedCatcher Middleware and Example

[NalinDalal]

Summary

This PR introduces a helper middleware, methodNotAllowedCatcher, to Express. This middleware allows users to easily send a 405 Method Not Allowed response with the correct Allow header for unsupported HTTP methods on a route. It is exposed via the main Express export for convenience. An example usage is also provided.

Changes

• New Middleware: lib/methodNotAllowedCatcher.js — Helper middleware to send 405 and set the Allow header.
• Export: Exposed as express.methodNotAllowedCatcher in lib/express.js.
• Example: Added examples/method-not-allowed/index.js to demonstrate usage.
• Dependencies: No new dependencies required.

resolves issue #2414

Usage

const express = require('express');

app.route('/user/:id')
  .get(getUser)
  .put(updateUser)
  .delete(deleteUser)
  .all(express.methodNotAllowedCatcher);

Example

Run the example:

node examples/method-not-allowed/index.js

Test with curl:

curl -i http://localhost:3000/user/1         # 200 OK, user data
curl -i -X PUT http://localhost:3000/user/1  # 200 OK, updated
curl -i -X DELETE http://localhost:3000/user/1 # 200 OK, deleted
curl -i -X POST http://localhost:3000/user/1 # 405 Method Not Allowed, Allow: GET, PUT, DELETE

Motivation

This addresses the long-standing feature request for an easy, opt-in way to handle 405 responses for routes defined with .route(). It is non-breaking and fully opt-in.

Related Issues

• route() should handle 405 Method not allowed #2414: route() should handle 405 Method not allowed

Checklist

• Middleware implemented
• Exported via main Express object
• Example provided
• Tested via curl

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or

(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or

(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.

(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.

[bjohansebas]

Thanks for your contribution. Please don’t make aesthetic changes, and could you explain better why you’re adding this function?

I think this is something Express shouldn’t include, In any case, it would go in the router. I haven’t looked into the issue in depth yet, so I can’t give an opinion for now, but if you want to move forward, it would be best to open the PR in the router repository, and without aesthetic changes.

[NalinDalal]

Thank you for the feedback and for referencing the history in #2414 .

I understand that making 405 handling automatic in .route() would be a breaking change, and that previous discussions have leaned toward opt-in solutions or providing examples. That’s why I’ve moved the middleware to an example, following the approach suggested in pillarjs/router#63 and related discussions.

This example provides a reusable, opt-in middleware for 405 responses with the correct Allow header, so users can easily add this behavior to their routes without changes to Express core.

If you’d prefer, I’m happy to move this to the router repo or publish it as a standalone utility. Please let me know how you’d like to proceed, or if you have any other suggestions!