- From: John Kemp <john@jkemp.net>
- Date: Mon, 03 Mar 2008 10:03:31 -0500
- To: Mark Nottingham <mnot@mnot.net>
- CC: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Hello, Mark Nottingham wrote: > > Exactly. We're not here to re-design Allow or come up with a better > mechanism; just to clarify what it means today. > > To reiterate, my proposal: > >> "The actual set of allowed methods is defined by the origin server at >> the time of each request." >> >> to >> >> "The actual set of allowed methods is defined by the origin server at >> the time of each request, and may not necessarily include all (or any) >> methods that the server would actually allow in a request if presented." Why is this additional text necessary? RFC 2616 says that "The purpose of this field is strictly to inform the recipient of valid methods associated with the resource." There is no requirement, stated or even seemingly implicit, that a server include ALL valid methods in its response. Only the implied requirement that a server does not include "disallowed" methods in the response. And let's remember, this Allow header came in a 405 response - the client tried something that didn't get it what it was looking for. The Allow header says "you tried something I don't allow on that resource - I claim that I support these methods on it." The client can then try again. If it keeps trying unsupported methods (which it is free to do of course) it will keep falling afoul of the server's (hopefully not merely capricious!) requirements, so it's probably best if the client follows the server's advice ("the indications given by the Allow header field value SHOULD be followed") > > Some will argue that that's loosening the requirements of 2616; I don't > think I buy that, because there isn't a RFC2119-level requirement about > the contents of the header. Right - I don't see it as a loosening - but in my reading of 2616 it does seem an unnecessary addition. - johnk > > Thinking about the subsequent discussion, I'm ambivalent about adding a > SHOULD-level requirement on the server side WRT completeness; I think > the text above stands on its own. > > Cheers, > > > On 01/03/2008, at 7:04 AM, Roy T. Fielding wrote: > >> >> There is no point in arguing this. Look at what has been implemented >> so far >> and remove the cases that have not. >> >> ....Roy >> > > > -- > Mark Nottingham http://www.mnot.net/ > >
Received on Monday, 3 March 2008 15:03:48 UTC