From 465cda77f7790775b57f96cb22cc34bfbe9ff785 Mon Sep 17 00:00:00 2001
From: Guillaume Marteau <gmarteau@juniper.net>
Date: Mon, 24 Apr 2023 11:03:38 +0300
Subject: [PATCH 1/2] Read X-Method-Override header before
 X-HTTP-Method-Override

---
 runtime/mux.go      | 10 ++++++++--
 runtime/mux_test.go | 22 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/runtime/mux.go b/runtime/mux.go
index f451cb441f4..567a1f235a9 100644
--- a/runtime/mux.go
+++ b/runtime/mux.go
@@ -320,7 +320,12 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		path = r.URL.RawPath
 	}
 
-	if override := r.Header.Get("X-HTTP-Method-Override"); override != "" && s.isPathLengthFallback(r) {
+	override := r.Header.Get("X-Method-Override")
+	if override == "" {
+		override = r.Header.Get("X-HTTP-Method-Override")
+	}
+
+	if override != "" && s.isPathLengthFallback(r) {
 		r.Method = strings.ToUpper(override)
 		if err := r.ParseForm(); err != nil {
 			_, outboundMarshaler := MarshalerForRequest(s, r)
@@ -428,7 +433,8 @@ func (s *ServeMux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 				continue
 			}
 
-			// X-HTTP-Method-Override is optional. Always allow fallback to POST.
+			// X-Method-Override or X-HTTP-Method-Override is optional.
+			// Always allow fallback to POST.
 			// Also, only consider POST -> GET fallbacks, and avoid falling back to
 			// potentially dangerous operations like DELETE.
 			if s.isPathLengthFallback(r) && m == http.MethodGet {
diff --git a/runtime/mux_test.go b/runtime/mux_test.go
index b284235c29e..b440bb0e9c6 100644
--- a/runtime/mux_test.go
+++ b/runtime/mux_test.go
@@ -206,6 +206,28 @@ func TestMuxServeHTTP(t *testing.T) {
 			respStatus:  http.StatusOK,
 			respContent: "GET /foo",
 		},
+		{
+			patterns: []stubPattern{
+				{
+					method: "GET",
+					ops:    []int{int(utilities.OpLitPush), 0},
+					pool:   []string{"foo"},
+				},
+				{
+					method: "POST",
+					ops:    []int{int(utilities.OpLitPush), 0},
+					pool:   []string{"foo"},
+				},
+			},
+			reqMethod: "POST",
+			reqPath:   "/foo",
+			headers: map[string]string{
+				"Content-Type":           "application/x-www-form-urlencoded",
+				"X-Method-Override": "GET",
+			},
+			respStatus:  http.StatusOK,
+			respContent: "GET /foo",
+		},
 		{
 			patterns: []stubPattern{
 				{

From bd62220bd2686d37c5512934fb6e7d6e33aacb84 Mon Sep 17 00:00:00 2001
From: Guillaume Marteau <gmarteau@juniper.net>
Date: Mon, 24 Apr 2023 11:11:39 +0300
Subject: [PATCH 2/2] Format

---
 runtime/mux_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/mux_test.go b/runtime/mux_test.go
index b440bb0e9c6..e8c4d197de5 100644
--- a/runtime/mux_test.go
+++ b/runtime/mux_test.go
@@ -222,7 +222,7 @@ func TestMuxServeHTTP(t *testing.T) {
 			reqMethod: "POST",
 			reqPath:   "/foo",
 			headers: map[string]string{
-				"Content-Type":           "application/x-www-form-urlencoded",
+				"Content-Type":      "application/x-www-form-urlencoded",
 				"X-Method-Override": "GET",
 			},
 			respStatus:  http.StatusOK,