Description
Originally discussed in woocommerce/woocommerce#23155
The WooCommerce REST API uses all the HTTP verbs (GET, POST, PUT, DELETE). Also, we've found (props @dechov for the find) that WooCommerce Admin is already relying on some PUT REST endpoints. Here, for example.
In WooCommerce Services, we've had user reports in the past regarding endpoints like those. An apache2 server, with mod_security configured with the most popular set of settings, will forbid any PUT or DELETE HTTP requests to hit the server at all.
Here's the issue, with more context: Automattic/woocommerce-services#930
Gutenberg fixed the same issue here: WordPress/gutenberg#4396 and here: WordPress/gutenberg#5741
Basically, the fix is to change all PUT requests that com from the client to POST requests with a X-HTTP-Method-Override: PUT HTTP header, or a _method=PUT querystring arg. Same with DELETE or PATCH requests.