W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2009

Re: GET/HEAD support "MUST"

From: William A. Rowe, Jr. <wrowe@rowe-clan.net>
Date: Thu, 29 Jan 2009 18:13:54 -0600
Message-ID: <49824642.5090606@rowe-clan.net>
To: Robert Brewer <fumanchu@aminus.org>
CC: Julian Reschke <julian.reschke@gmx.de>, Geoffrey Sneddon <foolistbar@googlemail.com>, HTTP Working Group <ietf-http-wg@w3.org>

Robert Brewer wrote:
> 
>    An origin server SHOULD return the status code 405 (Method Not Allowed)
>    if the method is known by the origin server but not allowed for the
>    requested resource, and 501 (Not Implemented) if the method is
>    unrecognized or not implemented by the origin server. The methods GET
>    and HEAD MUST be supported by all general-purpose servers.
> 
> I think that pretty clearly states that, for GET and HEAD, 405 is the recommended approach, not 404. Other methods may alternately use 501. The only case I can think of for 404 is if the resource identified by the Request-URI doesn't implement *any* method (or, saying that a different way, "if there is no resource identified by that Request-URI").

There are several reasonable answers;

  403 - the server prohibits GET/HEAD against this (all) URI(s)
  404 - the server has nothing to offer (a write-only server)
  405 - the server prohibits method GET/HEAD (might confused some clients)

There's clearly a wrong answer per your snip above;

  501 - not implemented

The other 500 codes imply to the client that it could retry at some future
time, which of in this case is an untrue assertion.
Received on Friday, 30 January 2009 00:14:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:00 GMT