W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: i24: Requiring Allow in 405 responses

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 4 Mar 2008 13:18:39 +1100
Cc: John Kemp <john@jkemp.net>, "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <43F660A3-7DBA-4F26-A0B5-9EBFECFC7785@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>

I think that's the core of the issue, and primary source of confusion.

There is no "the" set of methods; a single request can only contain  
one method, so it's impossible to determine what "the" set of methods  
is; HTTP does not provide atomicity for multiple requests.

Therefore, some frame of reference is needed. Most people seem to read  
"the set of methods" as implying "...that you would accept on this  
resource" for some undefined, fuzzy period of time, and for some  
undefined, fuzzy period of request characteristics. The set may  
contain PROPFIND now, but it may not in three minutes. The set may  
contain POST if you present the right credentials, but may not if you  
don't. And so on.

Add to this the original concern of the issue; that some  
implementations may not be able to determine the complete set at  

In short, the phrase does not include "complete", and the set of  
methods that it will accept is not necessarily the inversion of the  
set of methods it won't accept; there is a gray area in between.

One way to fix this is to make the definition of the set less fuzzy,  
but as Roy has pointed out, that's taking liberties.

The other is to document the fuzziness and move on, which is what I'm  
trying to do. If others have better ways of doing that, or a third way  
forward, please say so.


On 04/03/2008, at 2:56 AM, Julian Reschke wrote:

> John Kemp wrote:
>> Why is this additional text necessary? RFC 2616 says that
>> "The purpose of this field is strictly to inform the recipient of  
>> valid methods associated with the resource."
>> There is no requirement, stated or even seemingly implicit, that a  
>> server include ALL valid methods in its response. Only the implied  
>> requirement that a server does not include "disallowed" methods in  
>> the response.
>> ...
> Sorry????
> "The Allow entity-header field lists the set of methods supported by  
> the resource identified by the Request-URI."
> I would say that "*the* set of methods" is clear enough; it doesn't  
> allow a subset.
>> ...
> BR, Julian

Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 4 March 2008 02:18:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:44 UTC