Re: GET/HEAD support "MUST"

Robert Brewer wrote:
>    An origin server SHOULD return the status code 405 (Method Not Allowed)
>    if the method is known by the origin server but not allowed for the
>    requested resource, and 501 (Not Implemented) if the method is
>    unrecognized or not implemented by the origin server. The methods GET
>    and HEAD MUST be supported by all general-purpose servers.
> I think that pretty clearly states that, for GET and HEAD, 405 is the recommended approach, not 404. Other methods may alternately use 501. The only case I can think of for 404 is if the resource identified by the Request-URI doesn't implement *any* method (or, saying that a different way, "if there is no resource identified by that Request-URI").

There are several reasonable answers;

  403 - the server prohibits GET/HEAD against this (all) URI(s)
  404 - the server has nothing to offer (a write-only server)
  405 - the server prohibits method GET/HEAD (might confused some clients)

There's clearly a wrong answer per your snip above;

  501 - not implemented

The other 500 codes imply to the client that it could retry at some future
time, which of in this case is an untrue assertion.

Received on Friday, 30 January 2009 00:14:45 UTC