Comment 3 for bug 423149

lazr.restful is too zealous in validating the X-HTTP-Method-Override header. Our rule is that you're only allowed to use it in a POST request, and if you use it in any other kind of request, it's an error.

Chromium is making a POST request with X-HTTP-Method-Override set to PATCH. The response is a 301 redirect. (It should be 303, but that doesn't change this analysis.) Chromium makes a follow-up GET request, and *propagates* the X-HTTP-Method-Override header in the second request. So, Launchpad interprets the second request as someone trying to turn a GET request into a POST request by setting X-HTTP-Method-Override.

In the interests of being liberal what we accept, we will ignore X-HTTP-Method-Override unless the request is a POST request.