Express app.all() Method

Beginner
⏱️ 11 min read
📚 Updated: May 2026
🎯 5 Code Examples
Express.js

What you’ll learn

  • Where app.all(path, ...handlers) fits in the Express routing stack.
  • How request flow works with next(), route ordering, and path patterns.
  • How to implement route-level logging, authorization, and shared context setup.
  • How to test multi-method behavior and avoid common routing pitfalls.

Overview

Use app.all() when one route-level behavior should run for every HTTP method on the same path.

One path, all methods

A single handler matches GET/POST/PUT/PATCH/DELETE for the same path pattern.

Shared route middleware

Ideal for checks like auth, logging, and request enrichment before method-specific handlers run.

Interview-ready details

You get syntax, request flow, complete mini app, testing checklist, and common mistakes.

Syntax

javascript
app.all(path, callback)
app.all(path, middleware1, middleware2, ..., callback)
  • path: route path or path pattern to match.
  • callback / middleware: runs for every HTTP method matching that path.
  • Use next() to continue to the next matching middleware or route.

🔄 Request flow with app.all()

Match path

Express checks whether the incoming request path matches your app.all() route pattern.

Run handler for any method

The handler runs regardless of method: GET, POST, PUT, PATCH, DELETE, etc.

Either respond or continue

If you send a response, lifecycle ends. Otherwise call next() so downstream handlers execute.

Method-specific route executes

After next(), Express can run app.get(), app.post(), and other route handlers.

1

Quick route guard example

Protect every method under /api/private/* before serving method-specific endpoints.

javascript
app.all('/api/private/*', function (req, res, next) {
  if (!req.user) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
});

app.get('/api/private/profile', function (req, res) {
  res.json({ id: req.user.id, name: req.user.name });
});
2

Common use cases

javascript
// 1) Logging middleware
app.all('/api/*', function (req, res, next) {
  console.log(new Date().toISOString(), req.method, req.originalUrl);
  next();
});

// 2) Authentication gate
app.all('/admin/*', function (req, res, next) {
  if (!req.user) {
    return res.status(401).send('Unauthorized');
  }
  next();
});

// 3) Attach request context
app.all('/orders/*', function (req, res, next) {
  req.requestTime = Date.now();
  req.traceId = req.headers['x-trace-id'] || 'local-dev';
  next();
});
3

Complete mini app

This end-to-end sample protects admin routes and then serves method-specific handlers.

javascript
const express = require('express');
const app = express();

app.use(express.json());

app.all('/admin/*', function (req, res, next) {
  const token = req.headers['x-admin-token'];
  if (token !== 'secret-123') {
    return res.status(403).json({ error: 'Forbidden' });
  }
  next();
});

app.get('/admin/users', function (req, res) {
  res.json({ users: ['Asha', 'Kavin'] });
});

app.post('/admin/users', function (req, res) {
  res.status(201).json({ created: req.body });
});

app.listen(3000, function () {
  console.log('Server running on http://localhost:3000');
});

📋 app.all() vs app.use()

MethodBest forMethod scope
app.all()Route-specific logic across methodsAll HTTP methods on matching path
app.use()General middleware mountingAll methods by default

🧪 Testing checklist

  • Send both GET and POST to the same protected prefix and verify both pass through app.all().
  • Trigger one unauthorized request and validate expected 401 or 403.
  • Confirm authorized requests reach method-specific handlers after next().
  • Check logs include method + path for production debugging.

Pitfalls to avoid

Missing next()

Hanging request

If no response is sent and next() is not called, request processing stalls.

Over-broad path

Unexpected matching

Patterns like /api/* can catch too many routes when placed too early.

Wrong route order

Handler priority issues

Define route order intentionally so expected handlers execute first.

❓ FAQ

It registers a handler for a path that runs on every HTTP method, including GET, POST, PUT, PATCH, and DELETE.
Use app.all() for shared route-level logic that should run regardless of method, like auth checks, request logging, or context setup.
Yes. If the handler sends a response, the lifecycle ends. If downstream handlers should continue, call next().
app.use() is general middleware mounting, while app.all() explicitly maps to a route path for all HTTP methods.
Usually yes. app.all() commonly runs first for shared checks, then method-specific handlers return actual data.

Summary

  • Use case: app.all() is best for shared route-level logic across all methods.
  • Flow: send a response or call next() explicitly to keep lifecycle predictable.
  • Design: combine app.all() for shared checks with method-specific handlers for endpoint behavior.
Did you know?

app.all() is method-agnostic: one handler can validate auth, log requests, or attach shared context before calling next().

About the author

Mari Selvan M P
Mari Selvan M P 🔗

Developer, cloud engineer, and technical writer

  • Experience 12 years building web and cloud systems
  • Focus Full Stack Development, AWS, and Developer Education

I write practical tutorials so students and working developers can learn by doing—from databases and APIs to deployment on AWS.

6 people found this page helpful