Link: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/24
Origin: http://www.w3.org/mid/40d68614138753176bae9fbe7a358bc0@gbiv.com
Component: p2-semantics
In RFC 2616, section 10.4.6 405 Method Not Allowed:
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.
which has the effect of requiring that a server advertise all methods to a resource. In some cases, method implementation is implemented across several (extensible) parts of a server and thus not known. In other cases, it may not be prudent to tell an unauthenticated client all of the methods that might be available to other clients.
Proposal: Change the MUST to MAY in 10.4.6.
Proposal:
Proposed change (see http://lists.w3.org/Archives/Public/ietf-http-wg/2008JanMar/0609.html )
Updated proposal: * In the definition of Allow, change:
The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI.
to
The Allow entity-header field advertises a set of methods as supported by the resource identified by the Request-URI.
* And, remove:
This field cannot prevent a client from trying other methods. However, the indications given by the Allow header field value SHOULD be followed.
Fixed in [240]:
Resolve #24: relax requirements for contents of Allow header (closes #24).