what is $_SERVER['HTTP_X_HTTP_METHOD']

Question

I'm reading through the explanations of REST api here and there is the following code block there:

$this->method = $_SERVER['REQUEST_METHOD'];
if ($this->method == 'POST' && array_key_exists('HTTP_X_HTTP_METHOD', $_SERVER)) {
    if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'DELETE') {
        $this->method = 'DELETE';
    } else if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'PUT') {
        $this->method = 'PUT';
    } else {
        throw new Exception("Unexpected Header");
    }
}

My question is what is $_SERVER['HTTP_X_HTTP_METHOD']? I've googled around and the only thing I've found is the usage of X-HTTP-Method-Override header to transfer desired method of execution through POST method. Actually the code above seems like it's doing exactly it. So is it?

Answer 1

From Microsoft's article on X-HTTP-Method:

the X-HTTP-Method header can be added to a POST request that signals that the server MUST process the request not as a POST, but as if the HTTP verb specified as the value of the header was used as the method on the HTTP request's request line, as specified in [RFC2616] section 5.1. This technique is often referred to as "verb tunneling".

Short answer, the real HTTP verb that is in the header will be POST but applications will look for this special header to figure out what type of request was actually meant by emulating the HTTP verb.

Then, it's under $_SERVER[] because it's being sent as an HTTP header. Most HTTP headers are accessible under the $_SERVER array, and are prefixed with HTTP_.