Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Aro's avatar
Aro
OP
3 years ago
Level 1

Only GET requests are returning responses in production, but all works in development.

Other endpoints which are not GET for example POST or PUT get handled by the fallback route. What could be the issue? I tried viewing logs, modifying .htaccess and every solution that was suggested but I can't get them to work no matter what command I run or what configuration I change. this is the routes/api file so csrf should not be an issue and I already checked the kernel for that.

<?php
use App\Http\Controllers\AppController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\ForgotPasswordController;
use App\Http\Controllers\ResetPasswordController;


Route::middleware(['throttle:70,1'])->group(function () {
    Route::post('login', [AuthController::class, 'login']);
	Route::get('available-academic-years', [AppController::class, 'getAvailableAcademicYears']);

	 // ... rest of routes      

});

 
Route::fallback(function () {
    return response()->json(['message' => 'The requested resource does not exist']);
});
0 likes
9 replies
LaryAI's avatar
LaryAI
AI
3 years ago
Level 58

The issue could be related to the web server configuration. It's possible that the web server is not configured to allow POST or PUT requests to reach the Laravel application.

One solution could be to check the web server configuration and ensure that it allows all HTTP methods to reach the Laravel application.

Another solution could be to try using a different web server, such as Nginx, to see if the issue persists.

If the issue persists, it could be helpful to provide more information about the web server and any error messages that are being received.

Example code for allowing all HTTP methods in Nginx configuration:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
}
Aro's avatar
Aro
OP
3 years ago
Level 1

@LaryAI I know this is an A.I response but just to clarify for whoever stumbles upon this discussion. This is the content of my .htaccess file. It should allow all methods as far as I'm concerned.

  <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews -Indexes
        </IfModule>

        RewriteEngine On

        # Handle Authorization Header
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

        # Redirect Trailing Slashes If Not A Folder...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} (.+)/$
        RewriteRule ^ %1 [L,R=301]

        # Send Requests To Front Controller...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    </IfModule>
kokoshneta's avatar

I don’t understand what cPanel has to do with this? What do you mean by reaching endpoints ‘in cPanel’?

Aro's avatar
Aro
OP
3 years ago
Level 1

@kokoshneta excuse me for wording the question so poorly. I just meant it could probably be related to some configuration there that I'm missing? Although it doesn't look like it but I don't really know and I have wasted two days trying to solve this. I just rephrased the question, hope it is clearer now.

kokoshneta's avatar
kokoshneta
3 years ago
Best Answer
Level 27

@Aro Ah, I see now.

I haven’t used cPanel for at least a decade, probably more, so I don’t remember it’s settings, but have you checked that there isn’t a setting somewhere either there or in your server (Apache?) config that completely blocks all POST/PUT/PATCH requests?

Do non-API endpoints work with POST requests?

Aro's avatar
Aro
OP
3 years ago
Level 1

@kokoshneta when I'm using post in web.php for example I get The server returned a "405 Method Not Allowed". but Presumably because I'm not sending a csrf-token? as I'm using Postman. That made me remove the fallback route and voila I'm also getting a 405 method not allowed for the api routes that are not GET.

kokoshneta's avatar

@Aro What if you go through a browser for a non-API route so the CSRF token is sent along?

And what happens if you remove the fallback API route? Does it give you a 404 or 405 or something else then?

1 like
Aro's avatar
Aro
OP
3 years ago
Level 1

@kokoshneta I can't thank you enough, you guided me to find the issue and it was my fault all along. I saved the url as a variable in Postman and I had just typed the domain name without the https and that was the whole issue.

kokoshneta's avatar

@Aro Aha, yes, that would certainly do it! You can use the “Set Best Answer” button that appears when you hover over an answer to mark the issue as solved and get the thread off the Unsolved list.

Please or to participate in this conversation.