W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: PROPOSAL: i24 Requiring Allow in 405 Responses

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Tue, 18 Mar 2008 20:21:58 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Brian Smith <brian@briansmith.org>, "'Stefan Eissing'" <stefan.eissing@greenbytes.de>, "'Mark Nottingham'" <mnot@mnot.net>, "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-Id: <1205868118.18425.154.camel@HenrikLaptop>

On Tue, 2008-03-18 at 18:54 +0100, Julian Reschke wrote:

> - "RECOMMENDED" re-adds the normative requirement that most people want 
> to get rid of, as some servers do not get this right in practice 
> (remember that RECOMMENDED == SHOULD).

True, and which means something you SHOULD do unless you have a darn
good reason not to do so (such as not being able), and if you can't do
what you SHOULD then you MAY do things otherwise knowing that then you
MAY confuse others and any such confusion is entirely your own fault by
not being able to provide the correct information.

None of the proposed changes change this picture at all. All the
proposed changes do is to add to the confusion imho, and even supporting
it.

a) Encourage servers to not even attempt in providing valid information
by lowering the requirement level from a SHOULD or saying that the list
does not need to be correct.

b) Up front tells clients that they should not look into the header as
it's probably useless (which it isn't).

The issue was brought up because of servers having a filter before the
actual processing engine which blocks methods, without any knowledge of
what methods the actual processing engine can support. Imho such filters
have no business returning 405 in the first place and should return 403
instead. If they do insist on returning 405 it's better if such filters
do not return an Allow header at all.

Thats my view of this.

But if there is a consensus that it's meaningful to make Allow by
removing the conditions which gives it any value, only to make servers
who insist on returning 405 without even knowing what they do support
still fully compliant (not only conditionally compliant) when I won't
object, but it's a poor direction to take imho.

Regards
Henrik
Received on Tuesday, 18 March 2008 19:23:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:37 GMT