feat: add SkipMethodNotAllowedMiddleware option

Adds a new Engine option that, when enabled, prevents global middleware registered via Use() from being executed for 405 Method Not Allowed responses. This allows NoMethod handlers to run without triggering middleware that may reject the request (e.g., authentication, checksum validation) before the 405 response can be sent. Fixes gin-gonic/gin#4189
2026-06-06 03:08:11 +08:00 · 2026-06-04 21:42:09 +00:00 · 2026-06-04 21:42:09 +00:00 · e3d8bf2305
commit e3d8bf2305
parent d75fcd4c9a
2 changed files with 70 additions and 0 deletions
--- a/gin.go
+++ b/gin.go
@ -122,6 +122,13 @@ type Engine struct {
 	// handler.
 	HandleMethodNotAllowed bool

+	// SkipMethodNotAllowedMiddleware if enabled, global middleware registered via Use()
+	// will not be executed for 405 Method Not Allowed responses. This allows
+	// NoMethod handlers to run without triggering middleware that may reject
+	// the request (e.g., authentication, checksum validation) before the 405
+	// response can be sent.
+	SkipMethodNotAllowedMiddleware bool
+
 	// ForwardedByClientIP if enabled, client IP will be parsed from the request's headers that
 	// match those stored at `(*gin.Engine).RemoteIPHeaders`. If no IP was
 	// fetched, it falls back to the IP obtained from
@ -358,6 +365,10 @@ func (engine *Engine) rebuild404Handlers() {
 }

 func (engine *Engine) rebuild405Handlers() {
+	if engine.SkipMethodNotAllowedMiddleware {
+		engine.allNoMethod = engine.noMethod
+		return
+	}
 	engine.allNoMethod = engine.combineHandlers(engine.noMethod)
 }

--- a/gin_test.go
+++ b/gin_test.go
@ -1156,3 +1156,62 @@ func TestUpdateRouteTreesCalledOnce(t *testing.T) {
 		assert.Equal(t, "ok", w.Body.String())
 	}
 }
+
+// Test the fix for https://github.com/gin-gonic/gin/issues/4189
+func TestSkipMethodNotAllowedMiddleware(t *testing.T) {
+	g := New()
+	g.HandleMethodNotAllowed = true
+	g.SkipMethodNotAllowedMiddleware = true
+
+	var middlewareCalled bool
+	middleware := func(c *Context) {
+		middlewareCalled = true
+		c.Next()
+	}
+	noMethodHandler := func(c *Context) {
+		c.String(http.StatusMethodNotAllowed, "method not allowed")
+	}
+
+	g.Use(middleware)
+	g.NoMethod(noMethodHandler)
+	g.POST("/test", func(c *Context) {
+		c.String(http.StatusOK, "ok")
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	g.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusMethodNotAllowed, w.Code)
+	assert.Equal(t, "method not allowed", w.Body.String())
+	assert.False(t, middlewareCalled, "middleware should not be called when SkipMethodNotAllowedMiddleware is true")
+}
+
+func TestSkipMethodNotAllowedMiddlewareDisabled(t *testing.T) {
+	g := New()
+	g.HandleMethodNotAllowed = true
+	g.SkipMethodNotAllowedMiddleware = false
+
+	var middlewareCalled bool
+	middleware := func(c *Context) {
+		middlewareCalled = true
+		c.Next()
+	}
+	noMethodHandler := func(c *Context) {
+		c.String(http.StatusMethodNotAllowed, "method not allowed")
+	}
+
+	g.Use(middleware)
+	g.NoMethod(noMethodHandler)
+	g.POST("/test", func(c *Context) {
+		c.String(http.StatusOK, "ok")
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/test", nil)
+	g.ServeHTTP(w, req)
+
+	assert.Equal(t, http.StatusMethodNotAllowed, w.Code)
+	assert.Equal(t, "method not allowed", w.Body.String())
+	assert.True(t, middlewareCalled, "middleware should be called when SkipMethodNotAllowedMiddleware is false")
+}