backend rule · P1 · universal · Stack: node
api · http · validation · backend
Reject unsupported HTTP methods in API route handlers
Each API route should only respond to its intended HTTP method(s) and return 405 for others, rather than running its logic for any method.
PR: vinify-frontend · org-mining-2026-06 · Created: Jun 17, 2026
Bad example
Old code (ts)
```ts
export default async function handler(req, res) {
  // runs for GET, PUT, DELETE... regardless of intent
  await uploadImage(req);
  res.status(200).end();
}
```
Good example
New code (ts)
```ts
export default async function handler(req, res) {
  if (req.method !== 'POST') {
    return res.status(405).json({ error: 'Method not allowed' });
  }
  await uploadImage(req);
  res.status(200).end();
}
```
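Added example, not from the original page or the vinify-frontend code base: a reusable wrapper that applies this rule to any `(req, res)` handler and also sets the `Allow` header that HTTP requires on a 405 response. `allowMethods`, `ApiReq`, `ApiRes`, `ApiHandler`, `FakeRes` and `probe` are hypothetical names, and the request/response shapes are minimal assumed stand-ins for the framework's objects.

```typescript
// Minimal request/response shapes (assumed stand-ins for the real framework objects).
interface ApiReq { method?: string }
interface ApiRes {
  setHeader(name: string, value: string): void;
  status(code: number): ApiRes;
  json(body: unknown): void;
  end(): void;
}
type ApiHandler = (req: ApiReq, res: ApiRes) => Promise<void> | void;

// Hypothetical helper: wrap a handler so it only runs for the listed methods.
function allowMethods(methods: string[], handler: ApiHandler): ApiHandler {
  const allowHeader = methods.join(', ');
  return (req, res) => {
    // Exact match: HTTP method names are case-sensitive.
    if (methods.indexOf(req.method || '') === -1) {
      res.setHeader('Allow', allowHeader); // tells the client what is supported
      res.status(405).json({ error: 'Method not allowed' });
      return; // the wrapped logic never runs for other methods
    }
    return handler(req, res);
  };
}

// Constructed in-memory response that records what the handler did.
class FakeRes implements ApiRes {
  code = 0;
  headers: Record<string, string> = {};
  body: unknown = undefined;
  setHeader(name: string, value: string): void { this.headers[name] = value; }
  status(code: number): this { this.code = code; return this; }
  json(body: unknown): void { this.body = body; }
  end(): void {}
}

// Send one constructed request through a POST-only route and return the recorded response.
function probe(method: string): FakeRes {
  const res = new FakeRes();
  const route = allowMethods(['POST'], (_req, r) => { r.status(200).end(); });
  route({ method }, res);
  return res;
}

console.log(probe('GET').code, probe('GET').headers, probe('POST').code);
```

Declaring the allowed methods once at the route definition keeps the check and the `Allow` header from drifting apart when a route later gains a second method.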