Ticket #24 (closed design: fixed)

Opened 7 years ago

Last modified 7 years ago

Requiring Allow in 405 responses

Reported by: mnot@pobox.com
Owned by:
Priority:
Milestone: unassigned
Component: p2-semantics
Severity:
Keywords:
Cc:
Origin: http://www.w3.org/mid/40d68614138753176bae9fbe7a358bc0@gbiv.com

Description

In RFC 2616, section 10.4.6 405 Method Not Allowed:

The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.

which has the effect of requiring that a server advertise all methods to a resource. In some cases, method implementation is implemented across several (extensible) parts of a server and thus not known. In other cases, it may not be prudent to tell an unauthenticated client all of the methods that might be available to other clients.

Attachments

i24.diff (1.4 KB) - added by julian.reschke@greenbytes.de 7 years ago.
Proposed change (see http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0609.html)

Change History

comment:1 Changed 7 years ago by mnot@pobox.com

Proposal: Change the MUST to MAY in 10.4.6.

comment:2 Changed 7 years ago by mnot@pobox.com

  • version set to d00
  • Component set to semantics
  • Milestone set to unassigned

comment:3 Changed 7 years ago by mnot@pobox.com

Proposal:

  • In p2 10.1, change "The actual set of allowed methods is defined by the origin server at the time of each request." to "The actual set of allowed methods is defined by the origin server at the time of each request, and may not necessarily include all (or any) methods that the server would actually allow in a request if presented." (with normal editorial discretion)
  • In p2 10.1, remove "However, the indications given by the Allow header field value SHOULD be followed."

Changed 7 years ago by julian.reschke@greenbytes.de

comment:4 Changed 7 years ago by mnot@pobox.com

Updated proposal:

  • In the definition of Allow, change: "The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI." to "The Allow entity-header field advertises a set of methods as supported by the resource identified by the Request-URI."
  • And, remove: "This field cannot prevent a client from trying other methods. However, the indications given by the Allow header field value SHOULD be followed."

comment:5 Changed 7 years ago by julian.reschke@gmx.de

  • Status changed from new to closed
  • Resolution set to fixed

Fixed in [240]:

Resolve #24: relax requirements for contents of Allow header (closes #24).
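
The disclosure concern raised in the description, as an added example that is not part of the ticket or of the HTTPbis drafts: a handler that advertises in Allow only the methods the caller is entitled to know about, while still deciding authorization on every request. The method table, the role names and the functions `advertised_methods` and `handle` are hypothetical, and answering a hidden method with the same 405 as an unknown one is a policy assumption.

```python
# Added example: per-caller Allow header on a 405 response.
# RESOURCE_METHODS, the role names and both functions are hypothetical.

# Constructed sample: methods one resource implements and the role each needs.
# None means the method is open to unauthenticated clients.
RESOURCE_METHODS = {
    "GET": None,
    "HEAD": None,
    "PUT": "editor",
    "DELETE": "admin",
}


def advertised_methods(roles):
    """Methods this caller may be told about: open ones plus those its roles unlock."""
    return sorted(
        method
        for method, needed in RESOURCE_METHODS.items()
        if needed is None or needed in roles
    )


def handle(method, roles=frozenset()):
    """Return (status, headers) for one request.

    Authorization is decided here, per request, from RESOURCE_METHODS.
    It never relies on what an earlier Allow header advertised, because
    Allow is advisory and cannot stop a client from trying other methods.
    """
    visible = advertised_methods(roles)
    if method in visible:
        return 200, {}
    # Unknown method, or one this caller is not entitled to learn about:
    # both get the same 405, so the response does not reveal which case it is.
    return 405, {"Allow": ", ".join(visible)}


if __name__ == "__main__":
    print(handle("DELETE"))                # unauthenticated caller
    print(handle("DELETE", {"editor"}))    # sees PUT, still not DELETE
    print(handle("DELETE", {"admin"}))     # authorized
```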