@@ -644,13 +644,16 @@ export function createLoaderPATApiRoute<
644644// can raise typed 4xx errors instead of the route string-matching messages.
645645// Deliberately self-contained (not sharing internals with the loader) so
646646// existing PAT loader routes are untouched.
647+ type PATActionMethod = "POST" | "PUT" | "DELETE" | "PATCH" ;
648+
647649type PATActionRouteBuilderOptions <
648650 TParamsSchema extends AnyZodSchema | undefined = undefined ,
649651 TSearchParamsSchema extends AnyZodSchema | undefined = undefined ,
650652 THeadersSchema extends AnyZodSchema | undefined = undefined ,
651653 TBodySchema extends AnyZodSchema | undefined = undefined ,
652654> = PATRouteBuilderOptions < TParamsSchema , TSearchParamsSchema , THeadersSchema > & {
653- method ?: "POST" | "PUT" | "DELETE" | "PATCH" ;
655+ // A single verb, or a list for multi-method routes (e.g. ["PATCH", "DELETE"]).
656+ method ?: PATActionMethod | PATActionMethod [ ] ;
654657 body ?: TBodySchema ;
655658} ;
656659
@@ -710,10 +713,14 @@ export function createActionPATApiRoute<
710713 return apiCors ( request , json ( { } ) ) ;
711714 }
712715
713- if ( method && request . method . toUpperCase ( ) !== method ) {
716+ const allowedMethods = method ? ( Array . isArray ( method ) ? method : [ method ] ) : undefined ;
717+ if ( allowedMethods && ! ( allowedMethods as string [ ] ) . includes ( request . method . toUpperCase ( ) ) ) {
714718 return await wrapResponse (
715719 request ,
716- json ( { error : "Method not allowed" } , { status : 405 , headers : { Allow : method } } ) ,
720+ json (
721+ { error : "Method not allowed" } ,
722+ { status : 405 , headers : { Allow : allowedMethods . join ( ", " ) } }
723+ ) ,
717724 corsStrategy !== "none"
718725 ) ;
719726 }
0 commit comments