- From: Alex Rousskov <rousskov@measurement-factory.com>
- Date: Thu, 23 Jun 2005 17:04:05 -0600
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 2005-06-23 at 14:00 -0700, Roy T. Fielding wrote: > In RFC 2616: > > 10.4.6 405 Method Not Allowed > > The method specified in the Request-Line is not allowed for the > resource identified by the Request-URI. The response MUST include an > Allow header containing a list of valid methods for the requested > resource. > > which has the effect of requiring that a server advertise all > methods to a resource. The MUST requirement does not say "a list of ALL valid methods", but perhaps that is implied. > In some cases, method implementation is > implemented across several (extensible) parts of a server and > thus not known. In other cases, it may not be prudent to tell > an unauthenticated client all of the methods that might be > available to other clients. > > I think the above should be modified to s/MUST/MAY/; does anyone > here know of a reason not to make that change? RFC 2616 says that "the methods GET and HEAD MUST be supported by all general-purpose servers". Thus, a general-purpose server (whatever that is) can satisfy the above MUST by listing GET and HEAD in the Allow header. Note that unauthorized requests can be denied, if needed. Said that, I suspect that changing this MUST to SHOULD or MAY will not have a negative impact on implementations. Alex.
Received on Thursday, 23 June 2005 23:06:05 UTC