From 4f7ed8ad341cd2590f0d2e5463958750fbf4f518 Mon Sep 17 00:00:00 2001
From: gtmnayan <gtmnayan@gmail.com>
Date: Thu, 13 Apr 2023 08:19:36 +0545
Subject: [PATCH 1/5] fix: allow header methods list

---
 packages/kit/src/runtime/server/utils.js          | 10 ++++------
 packages/kit/test/apps/basics/test/server.test.js |  5 +++--
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/packages/kit/src/runtime/server/utils.js b/packages/kit/src/runtime/server/utils.js
index 5fb1c6b4a86e..e9c9e3354e1d 100644
--- a/packages/kit/src/runtime/server/utils.js
+++ b/packages/kit/src/runtime/server/utils.js
@@ -34,13 +34,11 @@ export function method_not_allowed(mod, method) {
 
 /** @param {Partial<Record<import('types').HttpMethod, any>>} mod */
 export function allowed_methods(mod) {
-	const allowed = [];
+	const allowed = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'].filter(
+		(method) => method in mod
+	);
 
-	for (const method in ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']) {
-		if (method in mod) allowed.push(method);
-	}
-
-	if (mod.GET || mod.HEAD) allowed.push('HEAD');
+	if ('GET' in mod || 'HEAD' in mod) allowed.push('HEAD');
 
 	return allowed;
 }
diff --git a/packages/kit/test/apps/basics/test/server.test.js b/packages/kit/test/apps/basics/test/server.test.js
index ce31f520f98c..90409c6b3253 100644
--- a/packages/kit/test/apps/basics/test/server.test.js
+++ b/packages/kit/test/apps/basics/test/server.test.js
@@ -120,11 +120,12 @@ test.describe('Endpoints', () => {
 		});
 	});
 
-	test('invalid request method returns allow header', async ({ request }) => {
+	test.only('invalid request method returns allow header', async ({ request }) => {
 		const response = await request.post('/endpoint-output/body');
 
 		expect(response.status()).toBe(405);
-		expect(response.headers()['allow'].includes('GET'));
+		expect(response.headers()['allow']).toMatch(/\bGET\b/);
+		expect(response.headers()['allow']).toMatch(/\bHEAD\b/);
 	});
 
 	// TODO all the remaining tests in this section are really only testing

From 4158173d1d1db153b56f20af6b59b5363e8cae54 Mon Sep 17 00:00:00 2001
From: gtmnayan <gtmnayan@gmail.com>
Date: Thu, 13 Apr 2023 08:23:48 +0545
Subject: [PATCH 2/5] changeset

---
 .changeset/shy-avocados-sip.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/shy-avocados-sip.md

diff --git a/.changeset/shy-avocados-sip.md b/.changeset/shy-avocados-sip.md
new file mode 100644
index 000000000000..88cef2eb2297
--- /dev/null
+++ b/.changeset/shy-avocados-sip.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+fix: allow header methods list for 405s

From adf485a4489171f39fa68032ab54a3927d299c6e Mon Sep 17 00:00:00 2001
From: gtmnayan <gtmnayan@gmail.com>
Date: Thu, 13 Apr 2023 08:29:05 +0545
Subject: [PATCH 3/5] remove only

---
 packages/kit/test/apps/basics/test/server.test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/kit/test/apps/basics/test/server.test.js b/packages/kit/test/apps/basics/test/server.test.js
index 90409c6b3253..23c248d4673c 100644
--- a/packages/kit/test/apps/basics/test/server.test.js
+++ b/packages/kit/test/apps/basics/test/server.test.js
@@ -120,7 +120,7 @@ test.describe('Endpoints', () => {
 		});
 	});
 
-	test.only('invalid request method returns allow header', async ({ request }) => {
+	test('invalid request method returns allow header', async ({ request }) => {
 		const response = await request.post('/endpoint-output/body');
 
 		expect(response.status()).toBe(405);

From f5c61dc0cfae6eab2453558c298f44296b8ebe9a Mon Sep 17 00:00:00 2001
From: gtmnayan <gtmnayan@gmail.com>
Date: Thu, 13 Apr 2023 08:30:27 +0545
Subject: [PATCH 4/5] common var

---
 packages/kit/test/apps/basics/test/server.test.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/packages/kit/test/apps/basics/test/server.test.js b/packages/kit/test/apps/basics/test/server.test.js
index 23c248d4673c..7baf3686d819 100644
--- a/packages/kit/test/apps/basics/test/server.test.js
+++ b/packages/kit/test/apps/basics/test/server.test.js
@@ -124,8 +124,10 @@ test.describe('Endpoints', () => {
 		const response = await request.post('/endpoint-output/body');
 
 		expect(response.status()).toBe(405);
-		expect(response.headers()['allow']).toMatch(/\bGET\b/);
-		expect(response.headers()['allow']).toMatch(/\bHEAD\b/);
+
+		const allow_header = response.headers()['allow'];
+		expect(allow_header).toMatch(/\bGET\b/);
+		expect(allow_header).toMatch(/\bHEAD\b/);
 	});
 
 	// TODO all the remaining tests in this section are really only testing

From a6978baf034d6623825d0fed9cc4c09966a538fb Mon Sep 17 00:00:00 2001
From: Simon H <5968653+dummdidumm@users.noreply.github.com>
Date: Thu, 13 Apr 2023 11:07:18 +0200
Subject: [PATCH 5/5] Update shy-avocados-sip.md

---
 .changeset/shy-avocados-sip.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.changeset/shy-avocados-sip.md b/.changeset/shy-avocados-sip.md
index 88cef2eb2297..20b3566767e7 100644
--- a/.changeset/shy-avocados-sip.md
+++ b/.changeset/shy-avocados-sip.md
@@ -2,4 +2,4 @@
 '@sveltejs/kit': patch
 ---
 
-fix: allow header methods list for 405s
+fix: correct allow header methods list for 405s