Opened 11 years ago

Closed 7 years ago

#146 closed editorial (incorporated)

Clarify description of 405 (Not Allowed)

Reported by: julian.reschke@… Owned by: julian.reschke@…
Priority: normal Milestone: 22
Component: p2-semantics Severity: Active WG Document
Keywords: Cc:

Description

Part 2 currently says about status 405:

"8.4.6 405 Method Not Allowed

The method specified in the Request-Line is not allowed for the resource identified by the request-target. The response MUST include an Allow header containing a list of valid methods for the requested resource."

Many read this as "the authenticated user is not allowed to, but somebody else might". -- <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-05.html#rfc.section.9.4.6>

But this is not what the description of the related "Allow" header implies:

"10.1 Allow

The response-header field "Allow" lists the set of methods advertised as supported by the resource identified by the Request-URI..." -- <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-05.html#rfc.section.10.1>

...which makes it a matter of being supported by the resource in general.

We probably should clarify this in the description of status 405.

Attachments (1)

146.diff (3.4 KB) - added by julian.reschke@… 9 years ago.
proposed patch for part 2


Change History (18)

comment:1 Changed 10 years ago by mnot@…

proposal: s/allowed/supported/

comment:2 Changed 9 years ago by julian.reschke@…

  • Milestone changed from unassigned to 11
  • Owner set to julian.reschke@…
  • Priority set to normal

Changed 9 years ago by julian.reschke@…

proposed patch for part 2

comment:3 Changed 9 years ago by fielding@…

I disagree with the assumptions being made here. Allow is the set of methods allowed by the resource, not by the "server". Why they are allowed (or others disallowed) is not for us to know. Think of it as a poor man's IDL.

I think both descriptions need to be clarified, but changing the word to "supported" is not a clarification.

comment:4 Changed 9 years ago by julian.reschke@…

  • Milestone changed from 11 to 12
  • Summary changed from Clarify desciption of 405 (Not Allowed) to Clarify description of 405 (Not Allowed)

comment:6 Changed 9 years ago by julian.reschke@…

  • Milestone changed from 12 to 13

comment:7 Changed 9 years ago by julian.reschke@…

  • Milestone changed from 13 to 14

comment:8 Changed 8 years ago by julian.reschke@…

  • Milestone changed from 14 to 15

comment:9 Changed 8 years ago by julian.reschke@…

  • Milestone changed from 15 to unassigned

comment:10 Changed 8 years ago by mnot@…

I *think* we can close this with no action -- agree?

It would be nice to have a *general* statement of the applicability of metadata that you get back in an HTTP response, whether it be a status code, a header, etc. -- i.e. that unless the protocol element states otherwise, the element is specific to its associated request, nothing more. Roy, is that sensible to you?

comment:11 Changed 8 years ago by julian.reschke@…

The reason I raised this is because I saw people sending 405 when what they should be sending is a 403.

I think Roy says "this is not a problem". I believe it is, because it really affects what the user agent will report to who/whatever invoked it...

comment:12 Changed 8 years ago by mnot@…

Looking at this again.

Roy, no one here said that the "server" was involved.

There are two possibilities for 405, AFAICT --

  a. the resource doesn't allow the request method for *this* request, or
  b. the resource doesn't allow the request method, period.

My assumption is that (a) is correct; agreed?

If so, we can adjust both definitions.

comment:13 Changed 8 years ago by mnot@…

  • Severity changed from Candidate WG Document to Active WG Document

comment:14 Changed 7 years ago by mnot@…

allowed for --> supported by.

Also may add examples for each case (also possibly to 403).

comment:15 Changed 7 years ago by mnot@…

Julian, can you get this into -20?

comment:16 Changed 7 years ago by fielding@…

From [2086]:

Clarify that 405 is only for rejecting methods not supported by the target resource; addresses #146

comment:17 Changed 7 years ago by fielding@…

  • Milestone changed from unassigned to 22
  • Resolution set to incorporated
  • Status changed from new to closed
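
Added example (not part of the ticket or the HTTPbis drafts): a sketch of the distinction recorded in comment 16, where 405 rejects a method the target resource does not support for any requester, while the case from comment 11 (method supported, requester refused) gets 403. The resource table, user names and the `decide` / `audit_405` helpers are hypothetical and constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data: methods each resource supports, and who may use each.
RESOURCES: Dict[str, Dict[str, Set[str]]] = {
    "/reports/q3": {"GET": {"alice", "bob"}, "PUT": {"alice"}},
    "/health": {"GET": {"*"}},
}

Response = Tuple[int, Dict[str, str]]


def decide(path: str, method: str, user: str) -> Response:
    """Pick a status for (path, method, user) against the table above."""
    acl = RESOURCES.get(path)
    if acl is None:
        return 404, {}
    if method not in acl:
        # Not supported by the resource for any requester: 405 plus Allow.
        return 405, {"Allow": ", ".join(sorted(acl))}
    if "*" in acl[method] or user in acl[method]:
        return 200, {}
    # Supported method, but this requester is refused: 403, not 405.
    return 403, {}


def audit_405(method: str, status: int, headers: Dict[str, str]) -> List[str]:
    """Flag 405 responses that contradict the ticket's reading of 405/Allow."""
    if status != 405:
        return []
    allow = headers.get("Allow")
    if allow is None:
        return ["405 without the Allow header the quoted text requires"]
    listed = {m.strip() for m in allow.split(",") if m.strip()}
    if method in listed:
        return ["405 for a method that Allow lists; a per-requester refusal is 403"]
    return []


if __name__ == "__main__":
    for path, method, user in [
        ("/reports/q3", "PUT", "bob"),       # supported method, wrong user
        ("/reports/q3", "DELETE", "alice"),  # method the resource lacks
        ("/reports/q3", "PUT", "alice"),     # permitted
    ]:
        status, headers = decide(path, method, user)
        print(method, path, user, "->", status, headers,
              audit_405(method, status, headers))
```

`audit_405` can be pointed at recorded responses from an existing service: a 405 whose `Allow` value names the rejected method is the pattern comment 11 describes.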