Gin Method Not Allowed

By default gin returns a 404 for an incorrect HTTP verb sent to a handled path. This can be fixed.

Gin Method Not Allowed
Photo by Vlad Tchompalov / Unsplash

TL;DR: by default gin returns a 404 for an incorrect HTTP verb sent to a handled path. This can be fixed. Double-check the method you're using.

📖 Context

At OVHcloud, we use gin-gonic/gin as the go-to HTTP web framework for our internal services.

The default behavior when receiving a request for a path that's handled but with an incorrect HTTP verb is to reply with 404 Not Found.
That's confusing because this status code is more often used when a path is not handled at all.

package main

import "github.com/gin-gonic/gin"

func main() {
	router := gin.Default()
	router.GET("/hello", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"hello": "gin"})
	})
	router.Run("localhost:8080")
}
$ # existing path
$ curl -i http://localhost:8080/foo
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Tue, 17 Oct 2023 15:59:49 GMT
Content-Length: 15

{"hello":"gin"}⏎

$ # wrong method
$ curl -i -X POST http://localhost:8080/foo
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Tue, 17 Oct 2023 16:00:03 GMT
Content-Length: 18

404 page not found⏎

$ # non-existent path
$ curl -i http://localhost:8080/bar
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Tue, 17 Oct 2023 16:00:17 GMT
Content-Length: 18

404 page not found⏎

👨🏻‍🔧 Fixing the issue

The router can be configured to handle these cases, but it needs to be manually enabled:

package main

import "github.com/gin-gonic/gin"

func main() {
	router := gin.Default()
	router.HandleMethodNotAllowed = true
	router.GET("/hello", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"hello": "gin"})
	})
	router.Run("localhost:8080")
}
$ # wrong method
$ curl -i -X POST http://localhost:8080/foo
HTTP/1.1 405 Method Not Allowed
Content-Type: text/plain
Date: Tue, 17 Oct 2023 16:00:53 GMT
Content-Length: 22

405 method not allowed⏎

As far as I can tell, this boolean isn't documented on the docs website, but it has a doc comment attached.

👀 Going further

As you can see, the response still misses the Allow header that should document the allowed methods on the endpoint.

A PR was opened in 2020 to fix this and maintainers seemed OK to merge it, but it had conflicts and the original author wasn't responsive ; so I opened a new one. I hope it will get merged soon!

💡
Update 2024-05-10
The fix is now available in gin-gonic/gin@v1.10.0.