I authored a Relaxation-ful API using Free Of Fat Framework in PHP, and am creating a call using backbone.js. After I try to save a brand new Orders model my application constitutes a PUT request, and also the server spits back a 406 error.

Request Method:PUT
Status Code:406 Not Acceptable

Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:174
Content-Type:application/json
Cookie:__utma=239804689.76636928.1286699220.1305666110.1325104376.94; __utmz=239804689.1325104376.94.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PHPSESSID=935d2632fd0d12a1a0df4cb0f392eb5e
X-Requested-With:XMLHttpRequest

Request Payload
{"id":0,"customerId":0,"lastPage":"items","priceConfig":null,"items":null,"saveStatus":0,"savedAt":1326588395899,"name":null}

Response Headers
Connection:Keep-Alive
Content-Length:460
Content-Type:text/html; charset=iso-8859-1
Date:Sun, 15 Jan 2012 00:46:37 GMT
Keep-Alive:timeout=5, max=98
Server:Apache

My .htaccess file appears like this:

# Enable rewrite engine and route requests to framework
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L,QSA]

# Disable ETags
<IfModule mod_headers.c>
    Header Unset ETag
    FileETag none
</IfModule>

# Default expires header if none specified (stay in browser cache for 7 days)
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault A604800
</IfModule>

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

This site application works fine on my small local server and just performs this on my small web server. Any ideas what's going wrong?

I emerged having a workaround.

My believe my server is applying mod_security2 to bar PUT and Remove demands. I'm waiting to listen to back from their store, and mod_security2 can not be disabled inshtaccess files so there is nothing I'm able to do.

Using "Script PUT /filename" within the .htaccess file was leading to a 500 error: "Script not permitted here", I don't know why, however i made the decision not to cope with getting my hosting company reconfigured to deal with PUT and Remove.

To help keep my API Relaxation-ful, I left within the normal handling of PUT and Remove, and added this towards the Publish handling:

function post() {
    //if Backbone.emulateHTTP is true, emulate PUT
    $data = json_decode(F3::get('REQBODY'), true);
    $type = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']; //PUT, DELETE, POST
    if ($type == 'PUT') {
        $this->put();
        return;
    }
    if ($type == 'DELETE') {
        $this->delete();
        return;
    }

    //handle normal POST here
}

Should you set Backbone.emulateHTTP = true it keeps the request method as Publish and transmits the X-HTTP-Method-Override as PUT or Remove.

I love this because I'm able to keep my Relaxation-ful implementation intact, and merely comment the emulateHTTP code when ever I publish to my webserver.