Opened 9 years ago

Closed 9 years ago

#24 closed design (fixed)

Requiring Allow in 405 responses

Reported by: mnot@…
Owned by:
Priority:
Milestone: unassigned
Component: p2-semantics
Severity:
Keywords:
Cc:

Description

In RFC 2616, section 10.4.6 405 Method Not Allowed:

The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.

which has the effect of requiring that a server advertise all methods to a resource. In some cases, method implementation is implemented across several (extensible) parts of a server and thus not known. In other cases, it may not be prudent to tell an unauthenticated client all of the methods that might be available to other clients.

Attachments (1)

i24.diff (1.4 KB) - added by julian.reschke@… 9 years ago.
Proposed change (see http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0609.html)


Change History (6)

comment:1 Changed 9 years ago by mnot@…

Proposal: Change the MUST to MAY in 10.4.6.

comment:2 Changed 9 years ago by mnot@…

  • Component set to semantics
  • Milestone set to unassigned
  • version set to d00

comment:3 Changed 9 years ago by mnot@…

Proposal:

  • In p2 10.1, change "The actual set of allowed methods is defined by the origin server at the time of each request." to "The actual set of allowed methods is defined by the origin server at the time of each request, and may not necessarily include all (or any) methods that the server would actually allow in a request if presented." (with normal editorial discretion)
  • In p2 10.1, remove "However, the indications given by the Allow header field value SHOULD be followed."

Changed 9 years ago by julian.reschke@…

comment:4 Changed 9 years ago by mnot@…

Updated proposal:

  • In the definition of Allow, change: "The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI." to "The Allow entity-header field advertises a set of methods as supported by the resource identified by the Request-URI."
  • And, remove: "This field cannot prevent a client from trying other methods. However, the indications given by the Allow header field value SHOULD be followed."

comment:5 Changed 9 years ago by julian.reschke@…

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [240]:

Resolve #24: relax requirements for contents of Allow header (closes #24).
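
Added example (not part of the ticket or of the HTTPbis drafts): a Python sketch of the concern raised in the description, in which the Allow header of a 405 response lists only the methods the requesting client is itself permitted to use. The role names, the `Resource` model and the choice to answer a hidden method with the same 405 as an unimplemented one are assumptions of this sketch.

```python
from dataclasses import dataclass

ANONYMOUS = "anonymous"  # hypothetical role name for unauthenticated clients


@dataclass
class Resource:
    # Maps HTTP method -> set of roles permitted to use it (constructed model).
    methods: dict


def advertised_methods(resource, roles):
    """Methods this caller may learn about: role sets that intersect the caller's."""
    return sorted(m for m, allowed in resource.methods.items() if allowed & roles)


def respond(resource, method, roles):
    """Return (status, headers); only the method-dispatch outcome is modelled."""
    visible = advertised_methods(resource, roles)
    if method in visible:
        return 200, {}
    # Unimplemented methods and methods reserved for other roles get the same
    # answer, so neither the status nor Allow reveals which case applied.
    # Allow may be empty when the caller is permitted nothing on this resource.
    return 405, {"Allow": ", ".join(visible)}


# Constructed sample resources, for illustration only.
DOC = Resource({
    "GET": {ANONYMOUS, "editor", "admin"},
    "HEAD": {ANONYMOUS, "editor", "admin"},
    "PUT": {"editor", "admin"},
    "DELETE": {"admin"},
})
ADMIN_ONLY = Resource({"POST": {"admin"}})

if __name__ == "__main__":
    for roles in ({ANONYMOUS}, {"editor"}, {"admin"}):
        print(sorted(roles), respond(DOC, "PATCH", roles))
    print("anonymous DELETE:", respond(DOC, "DELETE", {ANONYMOUS}))
    print("anonymous on admin-only:", respond(ADMIN_ONLY, "GET", {ANONYMOUS}))
```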
