Method Not Allowed (#405) [Solved]

Method Not Allowed. This url can only handle the following request methods: POST.

The reason for the error is clear to me, but someone knows tell me how to generate a link or url with the POST method instead of GET, the widget menu between the various items I have one

['label' => 'Logout (' . Yii::$app->user->identity->username .')', 'url'=> ['//user/security/logout'],'linkOptions' => ['data-method' => 'post']],

but he continues to treat it as GET!! Thanks :unsure:

…write here because it might help someone:

to make a POST (url) instead of GET, use yii\helpers\Html, then write:

 $url = Html::a('Logout',


                        ['class' => 'btn btn-success', 'data-method'=>'post']);

bye :)

argh… same <a href> if I call it from another layout … it return me Method Not Allowed #405 not allowed error !! :blink: why ?


…start by saying that in both layouts I have written:

<?= Html::csrfMetaTags() ?>

in <head> section.

Your other layout probably does not include the yii\web\YiiAsset in the asset bundle loaded with the view.

Note: the data-method attribute is validated via yii’s custom javascript/jquery routine. From the api docs:

If the attribute exists, the method will submit the form containing this element. If there is no form, a form will be created and submitted using the method given by this attribute value (e.g. "post", "put"). For hyperlinks, the form action will take the value of the "href" attribute of the link. For other elements, either the containing form action or the current page URL will be used as the form action URL.

Hi @Kartik V you are rights ;) I removed the dependency from assetBundle:

public $depends = [




thanks :)

Hi. I’m having the same issue, I’m using the AdminLTE template taken from here. I changed ThemeAsset.php this way:

    public $depends = [






but I still get #405 Method not allowed on logout (login works).

What am I missing?


I was missing the asset as well as data-toggle!

Hi, It looks that "data-method" is not present on the rendered HTML link.

maybe because there is no mention of "linkOptions" as an attribute on the items array the doc .

my solution (I am using yii2-minimal) :


 'label' => 'Sign out (' . Yii::$app->user->identity->username . ')',

  'url' => ['/user/security/logout'],

   'template' => '<a href="{url}" data-method="post">{label}</a>',

    //'linkOptions' => ['data-method' => 'post']


Is there another way to get the same result without hard-coding the [size="2"]"[/size]data-method[size="2"]"[/size] [size="2"]attribute[/size][size="2"] or make changes to the Menu.php widget[/size][size="2"]?[/size]

Can anyone say why this is, what is the security concern, how does a GET go wrong, why a POST ?

I see (browser view source) the POST includes a hidden cookie value, I assume this is about cross site forgery sorta thing.

I want to place a logout link on another domain entirely, so I intend to remove the verb filter or create a separate entry point.

How will this hurt me later ? ;)

$menuItems[] = ['label' => 'Logout', 'url' => ['/site/logout'], 'linkOptions' => ['data' => ['method' => 'post']]];

1 Like