erratum in RFC 2616: 405 should not require an Allow field in response from Roy T. Fielding on 2005-06-23 (ietf-http-wg@w3.org from April to June 2005)

From: Roy T. Fielding <fielding@gbiv.com>
Date: Thu, 23 Jun 2005 14:00:23 -0700
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <40d68614138753176bae9fbe7a358bc0@gbiv.com>

In RFC 2616:

10.4.6 405 Method Not Allowed

    The method specified in the Request-Line is not allowed for the
    resource identified by the Request-URI. The response MUST include an
    Allow header containing a list of valid methods for the requested
    resource.

which has the effect of requiring that a server advertise all
methods to a resource.  In some cases, method implementation is
implemented across several (extensible) parts of a server and
thus not known.  In other cases, it may not be prudent to tell
an unauthenticated client all of the methods that might be
available to other clients.

I think the above should be modified to s/MUST/MAY/; does anyone
here know of a reason not to make that change?

....Roy

Received on Thursday, 23 June 2005 21:00:15 UTC