Opened 15 years ago
Closed 15 years ago
#24 closed design (fixed)
Requiring Allow in 405 responses
Reported by: | mnot@… | Owned by: | |
---|---|---|---|
Priority: | Milestone: | unassigned | |
Component: | p2-semantics | Severity: | |
Keywords: | Cc: |
Description
In RFC 2616, section 10.4.6 405 Method Not Allowed:
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.
which has the effect of requiring that a server advertise all methods to a resource. In some cases, method implementation is implemented across several (extensible) parts of a server and thus not known. In other cases, it may not be prudent to tell an unauthenticated client all of the methods that might be available to other clients.
Attachments (1)
Change History (6)
comment:1 Changed 15 years ago by mnot@…
comment:2 Changed 15 years ago by mnot@…
- Component set to semantics
- Milestone set to unassigned
- version set to d00
comment:3 Changed 15 years ago by mnot@…
Proposal:
- In p2 10.1, change "The actual set of allowed methods is defined by the origin server at the time of each request." to "The actual set of allowed methods is defined by the origin server at the time of each request, and may not necessarily include all (or any) methods that the server would actually allow in a request if presented." (with normal editorial discretion)
- In p2 10.1, remove "However, the indications given by the Allow header field value SHOULD be followed."
Changed 15 years ago by julian.reschke@…
Proposed change (see http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0609.html)
comment:4 Changed 15 years ago by mnot@…
Updated proposal:
- In the definition of Allow, change: The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI.
to
The Allow entity-header field advertises a set of methods as supported by the resource identified by the Request-URI.
- And, remove: This field cannot prevent a client from trying other methods. However, the indications given by the Allow header field value SHOULD be followed.
comment:5 Changed 15 years ago by julian.reschke@…
- Resolution set to fixed
- Status changed from new to closed
Proposal: Change the MUST to MAY in 10.4.6.