W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: i24: Requiring Allow in 405 responses

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 14 Mar 2008 00:58:51 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1205452731.10356.106.camel@HenrikLaptop>

On Thu, 2008-02-28 at 13:26 +0100, Julian Reschke wrote:

> It seems to me it would be unwise to say "clients SHOULD believe the 
> Allow header", but "servers MAY leave of methods".
> 
> If we relax the requirement for the production, we also need to relax 
> the requirement for the recipient.

What I have been saying all the time. If a server cannot make a
realistic list of methods it accepts for a given resource it's better it
stays silent on the subject than trying to guess.

BUT if a server can make a realistic list of methods it SHOULD indicate
this, to allow clients to effectively select the best methods for what
they want to do (i.e. enable WebDAV instead of querying the user for
what method to use for updating content).

Relaxing the meaning of Allow on the server side is the wrong way to
tackle the problem, just makes Allow useless.

If Allow is given by a server it SHOULD be trusted by clients. But it
may include methods THIS client can not perform due to other
restrictions (i.e. not yet having the credentials needed to perform the
request)

Regards
Henrik
Received on Friday, 14 March 2008 00:00:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:37 GMT