- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Fri, 14 Mar 2008 00:58:51 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 2008-02-28 at 13:26 +0100, Julian Reschke wrote: > It seems to me it would be unwise to say "clients SHOULD believe the > Allow header", but "servers MAY leave of methods". > > If we relax the requirement for the production, we also need to relax > the requirement for the recipient. What I have been saying all the time. If a server cannot make a realistic list of methods it accepts for a given resource it's better it stays silent on the subject than trying to guess. BUT if a server can make a realistic list of methods it SHOULD indicate this, to allow clients to effectively select the best methods for what they want to do (i.e. enable WebDAV instead of querying the user for what method to use for updating content). Relaxing the meaning of Allow on the server side is the wrong way to tackle the problem, just makes Allow useless. If Allow is given by a server it SHOULD be trusted by clients. But it may include methods THIS client can not perform due to other restrictions (i.e. not yet having the credentials needed to perform the request) Regards Henrik
Received on Friday, 14 March 2008 00:00:08 UTC