cancel
Showing results for 
Search instead for 
Did you mean: 

[PageNotFound] Request method 'POST' not supported error while uploading a PDF file

Former Member
0 Kudos

Hi All, I have a reuirement to upload PDF file. While doing tht i see below exception WARN [hybrisHTTP15] [PageNotFound] Request method 'POST' not supported Tag file code snippet:

     File:
             <input name="remarks" type="text" class="order-cnfm-textbox upload-order" placeholder="Remarks">  
 
                 <input type="file" id="pdfFile" name=pdfFile >
          
                 <input type="submit"  id="importButton" />
           </form:form>

Attributes in Form (cretaed setter & getter):

 public class StatementUploadForm
 {
     private MultipartFile pdfFile;
     private String statementId;
     private String remarks;

Controller class code snippet:

 */
     @RequestMapping(value = "/approveStatements", method = RequestMethod.POST)
     public String approveStatements(@ModelAttribute("StatementUploadForm") final StatementUploadForm StatementUploadForm)
             throws CMSItemNotFoundException
     {
         final String action = "APPROVE_WITH_ISSUES";
 
         ARStatementFacade.updateStatementStatus(StatementUploadForm.getStatementId(), action,
                 StatementUploadForm.getRemarks(), StatementUploadForm.getPdfFile());
 
         return REDIRECT_TO_AR_STATEMENT_PAGE;
     }

If i remove enctype="multipart/form-data" property from tag file.. and change name of pdfFile to other then mentioned in form.. In that case call go to controller else it break with exception: WARN [hybrisHTTP15] [PageNotFound] Request method 'POST' not supported

I also referrred ImportCSVPage controller but no luck. Kindly help.

Accepted Solutions (0)

Answers (2)

Answers (2)

andyfletcher
Active Contributor
0 Kudos

Isn't this just your form not having a hidden CSRFToken field? Hybris (Spring?) used to show you this as the error message but more recent versions seem to forward to the login page instead that doesn't support POSTs which is why you see that error instead.

Either add your url to the exclusion list in the config property csrf.allowed.url.patterns or the Spring bean list csrfAllowedUrlPatternsList to confirm this. (This probably isn't a good long term solution though)

Since it looks like you are using a Spring form tag then I'm surprised that the hidden field isn't being added automatically. Check your page source to see if it's there.

andyfletcher
Active Contributor
0 Kudos

Actually you may already be adding the CSRFToken but it appears to not work out of the box with multipart forms.

See https://docs.spring.io/spring-security/site/docs/current/reference/html/web-app-security.html#csrf-m...

It suggests changing the order of the filters to allow uploading the temporary file before checking to see if the user is authorised. The other option is to put the token in the action url which isn't ideal.

Former Member
0 Kudos

I tried to add csrf token in the action url but it didn;t worked for me

andyfletcher
Active Contributor
0 Kudos

Stick a breakpoint in CsrfProtectionMatcher.matches() just to confirm my hypothesis. You should see it return true if I'm correct.

Or add your url to one of the allowed lists. Something like this?

 <util:list id="csrfAllowedUrlPatternsList">
     <value>.*/my-account/approveStatements.*</value>
 </util:list>
Former Member
0 Kudos

method="POST" action="/mystorefront/wecomm-zh/en/USD/my-account/approveStatements" enctype="multipart/form-data" commandName="StatementUploadForm"