You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BogusRequest appears to be creating requests with randomly generated HTTP methods, and spec always requires the response to be 405 Method Not Allowed. Depending on what method name is randomly generated:
If it happens to generate as one of the IANA methods that is supported, then the response should be the suitable 2xx response.
If it happens to generate one of the IANA methods that is not supported, then the response should be 405 Method Not Allowed as per RFC7231 Section 6.5.5
If it happens to be a method name that is not any of the IANA methods, then shouldn't the response be 501 Not Implemented?
When a request method is received
that is unrecognized or not implemented by an origin server, the
origin server SHOULD respond with the 501 (Not Implemented) status
code. When a request method is received that is known by an origin
server but not allowed for the target resource, the origin server
SHOULD respond with the 405 (Method Not Allowed) status code.
Should MethodNotAllowed be refactored to use one of the other IANA methods that is not used elsewhere in cob_spec -- maybe TRACE or CONNECT?
The text was updated successfully, but these errors were encountered:
kkrull
changed the title
Response to bogus requests in MethodNotAllowed
Response to bogus requests in MethodNotAllowed
May 7, 2018
BogusRequest
appears to be creating requests with randomly generated HTTP methods, and spec always requires the response to be405 Method Not Allowed
. Depending on what method name is randomly generated:501 Not Implemented
?The last paragraph in RFC7231 Section 4 says as follows:
Should
MethodNotAllowed
be refactored to use one of the other IANA methods that is not used elsewhere incob_spec
-- maybeTRACE
orCONNECT
?The text was updated successfully, but these errors were encountered: