Updated Drupal to 8.6. This goes with the following updates because it's possible...

[yaffs-website] / web / core / modules / rest / src / Routing / ResourceRoutes.php

diff --git a/web/core/modules/rest/src/Routing/ResourceRoutes.php b/web/core/modules/rest/src/Routing/ResourceRoutes.php
index 81bf78932ff0656f38d313ddf0a6a1835119bf04..27da48af469e1d77a82f39d34d10479a49e29db5 100644 (file)
--- a/web/core/modules/rest/src/Routing/ResourceRoutes.php
+++ b/web/core/modules/rest/src/Routing/ResourceRoutes.php
@@ -121,14 +121,14 @@ class ResourceRoutes implements EventSubscriberInterface {
 
         // The configuration has been validated, so we update the route to:
         // - set the allowed response body content types/formats for methods
-        //   that may send response bodies
+        //   that may send response bodies (unless hardcoded by the plugin)
         // - set the allowed request body content types/formats for methods that
-        //   allow request bodies to be sent
+        //   allow request bodies to be sent (unless hardcoded by the plugin)
         // - set the allowed authentication providers
-        if (in_array($method, ['GET', 'HEAD', 'POST', 'PUT', 'PATCH'], TRUE)) {
+        if (in_array($method, ['GET', 'HEAD', 'POST', 'PUT', 'PATCH'], TRUE) && !$route->hasRequirement('_format')) {
           $route->addRequirements(['_format' => implode('|', $rest_resource_config->getFormats($method))]);
         }
-        if (in_array($method, ['POST', 'PATCH', 'PUT'], TRUE)) {
+        if (in_array($method, ['POST', 'PATCH', 'PUT'], TRUE) && !$route->hasRequirement('_content_type_format')) {
           $route->addRequirements(['_content_type_format' => implode('|', $rest_resource_config->getFormats($method))]);
         }
         $route->setOption('_auth', $rest_resource_config->getAuthenticationProviders($method));