ColdBox has sported RESTFul capabilities since the 3.0.0 days (that's since 2011).  As each release matures, our RESTFul suite of tools mature as well.  In our latest release we introduced a great way to intercept when RESTFul endpoints are called with invalid HTTP methods.  Every ColdBox handler has the this.allowedMethods structure which can tell the framework what actions can be executed with what HTTP methods.

this.allowedMethods = {
  index = "GET",
  save = "PUT,POST",
  remove = "DELETE"
}

The security map above tells the framework what HTTP methods you can use for which action. For example, the remove() action can only be executed with the DELETE HTTP method. If you execute the action with any other HTTP method, then the framework will throw a security exception. In previous version, you had to do hoops in order to intercept and gracefully show users a nice message. With ColdBox 4 we introduce the onInvalidHTTPMethod() action.

You can place this action in the same handler or a base handler and it will become alive as soon as an action is executed with an invalid HTTP method. The signature for the method is:

function onInvalidHTTPMethod( faultAction, event, rc, prc ){
    event.renderData( 
       type="json", 
       data={ "error" : true, "message" : "The endpoint you called cannot be executed using the #event.getHTTPMethod()# HTTP method." } 
    ).setHTTPHeader( statusCode="405", statusMessage="Invalid HTTP Method #event.getHTTPMethod()#" );
}

The faultAction tells you what action was invalidly called and you can use the event.getHTTPMethod() to retrieve the offending method. This way you can make sure you can uniformly respond to RESTFul requests that are invalid.