W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: i24: Requiring Allow in 405 responses

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 28 Feb 2008 23:14:18 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <BDBD06DB-2CE5-4B1E-A011-0034617C406C@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>


On 28/02/2008, at 7:47 PM, Julian Reschke wrote:

>
> Mark Nottingham wrote:
>> ...
>> * There is no existing normative text for (b); OPTIONS lists Allow  
>> as an example, nothing more AFAICT. Expanding it to a SHOULD or  
>> MUST seems too aggressive, and software that depends upon it today  
>> is already taking liberties (unless a specific overlay protocol  
>> like WebDAV specifies otherwise).
> > ...
>
> Hm. From <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.9.2.p.6 
> >:
>
> "A 200 response SHOULD include any header fields that indicate  
> optional features implemented by the server and applicable to that  
> resource (e.g., Allow), possibly including extensions not defined by  
> this specification."

My bad - was looking at the wrong section when I wrote that. so, 405  
MUST, OPTIONS implicit SHOULD.



> So it seems to me that is really *is* a SHOULD level requirement for  
> include "Allow".

Well, it's an example of how to fulfil a SHOULD-level requirement.  
Almost the same, but not quite.

>> ...
>> "The actual set of allowed methods is defined by the origin server  
>> at the time of each request."
>> to
>> "The actual set of allowed methods is defined by the origin server  
>> at the time of each request, and may not necessarily include all  
>> (or any) methods that the server would actually allow in a request  
>> if presented."
>> That's my proposal.
>> ...
>
> Me not happy. From <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.7.p.5 
> >:
>
> "This field cannot prevent a client from trying other methods.  
> However, the indications given by the Allow header field value  
> SHOULD be followed. The actual set of allowed methods is defined by  
> the origin server at the time of each request."
>
> So, if a server returns an incomplete list of methods -- for  
> instance, not including "PATCH", and the client actually follows  
> *this* requirement, then it wouldn't even try PATCH.

It's a SHOULD; there may be legitimate reasons for it not to be  
followed.

--
Mark Nottingham     http://www.mnot.net/
Received on Thursday, 28 February 2008 12:14:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:37 GMT